Fortune Favours the Prepared: How effective CISOs can be game-changers for Retail Companies


The landscape of retail is changing, and at an unprecedented pace. The rise of digital sales and the decline of the traditional high street present new opportunities through the emergence of Industry 4.0: Internet of Things (IoT), artificial intelligence (AI) and robotics. Industry 4.0 symbolises the rise of the new digital industrial technology and significant improvements in speeds of production, sale and delivery.

However, some companies struggle to keep pace with the speed of change, sacrificing vital aspects of cyber security. Consequently, they’ve opened the shop window for opportunistic hackers.

Reputation is paramount for any retail company to be successful. This is especially true for e-tailers. But there’s nothing more damaging to reputation than a cyber-attack.

Retailers report an increase in customer churn rates following a successful cyber attack. Further to the reputation and brand damage, cyber attacks cost an average of £3 million to UK businesses.
Such a cost can mean the difference between a company surviving or being forced to take drastic counter-measures to downsize - or potentially file for bankruptcy - as was the fate of Westinghouse Nuclear and SolarWorld, now defunct.

Retailers have to be aware of the importance of cyber security, but this poses a new challenge - how to transform security systems and implement new organisational measures whilst maintaining a competitive advantage?

The Cyber Security Landscape In Retail: Strengths and Weaknesses

The sheer volume of retail transactions in cash, cards, POS, and online allows scope for cyber criminals to easily steal data and money. Unlike banks, most retail organisations are yet to employ a root-and-branch approach to strong cyber security and fail to create robust protection at every level. 

However, it wouldn’t be fair to say that retailers do nothing to ensure adequate protection. Some larger retail organisations use integrated APIs to allow users to transact via banks where measures are much more secure. These are stronger security measures, but not impenetrable, given said APIs are still susceptible to subterfuge through clever re-directing to bogus counterfeit websites and imitation pages designed to steal data.

The very competitive cut-throat nature of retail means it’s not uncommon for organisations to indirectly employ data mining corporations in order to obtain priceless information about rival product launches, spending habits and other proprietary data. 

As a result, it’s very easy for criminals to build a list attractive to competitors, and lucrative for cyber criminals to sell this list on the open market to the highest bidder. 

When Retail Cyber Security goes Wrong – Companies Falling Foul

The threat of cyber crime in retail is only increasing every year.

PwC estimate that attacks against retailers are increasing by "over 30%" each year. 

Similarly, the British Retail Consortium’s survey revealed that 80% of those surveyed saw an increase of cyber crime activity in 2018. 

The digital revolution appears to be the root cause, especially in retail. Online sales might make it easier for you to get that item you want, but they also make it a lot easier for hackers to get the data and details they want, too.


Most alarming is how brazen criminals are becoming with heat-of-the-moment attacks against SMEs by opportunist criminals seeking a quick pay day:
  • Cosmetics giant Yves Rocher was hit by a data breach exposing 2.5 million customer profiles, leaking names, dates of birth, buying profiles and contact details.
  • Vision Direct exposed 6,600 online customers’ personal and financial information, as well as warning that a further 16,300 were at risk. Payments from Visa, Mastercard and Maestro were all affected.
  • US retail giant Target had to report 70 million customer debit and credit cards stolen thanks to malware.

InSights’ 2019 report revealed that cybercrime costs retailers $30 billion a year in total.

The Four Top Cyber Security Threats Impacting Retail

Point of Sale (POS) System Vulnerabilities
POS systems are essential for retailers to track and store transaction data for tens of thousands of transactions every day. However, POS systems often rely on out-dated operating systems and easy-to-guess or default passwords, and are exposed to RAM-scraping techniques because data is not encrypted before it is transferred. Hackers can easily breach POS systems and steal unencrypted data, before selling it on, all before an organisation realises.

Electronic Devices and the IoT
Although the IoT could help drive further transformation in retail, it’s no surprise that IoT devices open the door to more hacking attempts. IoT devices have no standard regulation and, as they are created by third parties, there is no way to ensure full compliance. With the wide range of items capable of IoT connection, hackers have a plethora of options to try and steal data.

Distributed Denial-Of-Service (DDoS)
DDoS attacks are becoming more common in the retail market. According to Verizon’s Data Breach Investigations Report (DBIR), 33% of all cyber attacks upon retailers come from DDoS. Cyber extortion upon retailers is growing, with hackers demanding ransoms to stop denial of service and crippling websites and infrastructure so they cannot sell their products and services online. 

Distributed Denial of Service attacks cost victims £30,000 per hour and last between 6 and 24 hours on average, making them extremely lucrative. 

Furthermore, when combined with other tactics, they can be a very effective smokescreen for other malware or ransomware. 

Malware and Ransomware
The dark web has become a hive of activity for circulating malware and ransomware freely and easily. Verizon’s research reveals malware was responsible for over 700 incidents in 2018 and is anticipated to increase every year.

Verizon’s report also shows "ransomware is the most common type of malware, found in 39% of malware-related data breaches." 

As retailers can’t afford to be denied service for long periods of time and are concerned with the loss of critical data, they find themselves hostage to ransomware demands and pay hefty five-figure sums to escape the issue – only to be confronted again shortly after by a subsequent attack.

Fortune Favours the Prepared

Retail organisations need to change their approach to cyber security. Progressive organisations have already begun to make cyber security a critical issue for the board to address. The smartest of these organisations have hired highly qualified, skilled and experienced Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) to help secure their organisations.

CIOs and CISOs serve as a bridge between the boardroom, day-to-day retail activities and the long-term strategic direction of the IT teams, and help retailers plan wider cyber security measures to protect their businesses. Whilst a CISO might seem like an expensive outgoing, consider the below:

The average cost of employing a CISO is £105,000 per annum, according to ITJobsWatch, yet each time a company in the UK suffers a data breach, it costs £3 million.

When you do the maths, can a company really afford to lose out on this? 

What’s more, a quality CISO will not only influence the transformation of your cyber security department, they can also help you develop the vital competitive edge in retail. Customers are fickle and if your competition suffers an embarrassing cyber-attack, you need to have the infrastructure in place to assure people of your compliance and thus steal away their customer base. Without the right kind of leadership driving your cyber security team, it will be difficult to prove this.

If you would like more information on how your retail organisation can benefit from having a CISO or CIO spearheading your cyber security, contact Via Resource today. We’ll explain how you can stay safe in the modern retail market and guard against the threat of cyber crime.
