Retailers are being hacked at a high volume with around 52% suffering some kind of cyberattack, according to the Thales Data Threat Report on Retail.[1] While retailers are ramping up spending for security, with 77% increasing it, they are still a huge target. In fact, they are the second most targeted sector after government. Why? Because cybercriminals want consumer information, and sometimes retailers are just making it too easy for them to steal it.

Has Retail Learned Nothing from the Target Breach?

It’s been nearly five years since one of the largest retail breaches in history occurred. It impacted 41 million consumers and cost Target $18.5 million. While it was a third-party vendor that allowed the hackers in, Target was still vulnerable on its own around logging and authorizations. Before the Target breach, the retail space as a whole was woefully unprepared. The retail infrastructure has only expanded since then. Retailers collect more data, use cloud storage more than ever, and have added Internet of Things (IoT) devices to their networks. This gives cybercriminals even more opportunity.

The need for better encryption and security methods is obvious. But with cyber attacks and breaches making regular headlines, what are retailers doing now to thwart this risk?

Shifting from Reactive to Proactive

Retailers have long been concerned about shrinkage in the physical sense and have developed sophisticated workflows to reduce it. They need to turn that same obsession to their digital footprint. Because data breaches can be much costlier than shrinkage, hitting profits and their reputation.

The top things retailers should consider are:

  • Strengthen domain and network security
  • Establish strong password policies
  • Keep software updated, as this is a typical “doorway” into networks
  • Segment networks and group by the sensitivity of the information
  • Employ ethical hackers to find weaknesses
  • Educate employees about cybersecurity (human error continues to be a weak link and the leading entry point)

Hackers won’t stop pursuing retailers and their treasure trove of data. Retailers must shift to a proactive rather than reactive approach to cybersecurity. Their information security focus needs to be on prevention rather than mitigation. When retailers commit to this and enact these six practices, the target on their back may begin to fade.

[1] https://dtr-retail.thalesesecurity.com/