3 Takeaways from Retail Cybersecurity Breaches

Retail businesses process large quantities of transactions and customer data, making them common targets for cybersecurity attacks. As recently as January of this year, fashion retailer JD Sports announced a breach that potentially affected 10 million customers, granting hackers access to their names, addresses, phone numbers, and the final four digits of their debit and credit cards. Breaches like this not only affect customer confidence and an organization’s reputation, they also expose companies to lawsuits and regulatory action, exemplified by an $8 million payout given by Wawa after a cybersecurity event compromised customer data. In the face of costly breaches like these, retail cybersecurity is a renewed focus for many organizations.

These events highlight the importance of:

1. Data Management

The more information your organization stores, the more opportunities there are for hackers to take advantage of your systems. Because the data affected by the JD Sports breach was years old at the time of the attack, many analysts pointed to the quantity and age of the stored data as a possible area for remediation. By properly classifying, encrypting and when appropriate, safely disposing of customer data, you can mitigate the impact of a possible cybersecurity breach.

2. Employee training

Retail organizations employ large workforces with high turnover rates, creating ample opportunities for hackers to exploit inadequate training and gain access to sensitive data. Phishing attacks, social engineering and ransomware are all bolstered by human error, so ensuring that your workforce knows how to identify a suspicious email or file and what to do in the face of an event will make your organization safer and more resilient.

3. Network segmentation

When sensitive customer information is processed alongside other network traffic, that increases the possibility of a breach. By segmenting your organizational network into different functional units, you can better control access to sensitive data and reduce the impact of an attack when it occurs. Cybersecurity attacks can be seriously dangerous when a backdoor at one part of your network grants hackers access to information stored elsewhere—by reducing the possibility of such an event, you make your organization more secure.

There are a variety of actions that your company can take to reduce the likelihood of a retail cybersecurity breach, but it can be hard to keep track of which actions are taking place in which parts of your organization and how effective they are. With ProcessUnity for Cybersecurity Risk Management, you can monitor cyber risks, prioritize mitigation efforts and track control effectiveness. With customizable dashboards and reporting, you can quickly gather information to determine how well your cybersecurity function is operating and where risk lies.