Everyday yields new cybersecurity risks for all industries. For instance, in the last couple of blog posts we focused on cybersecurity threats in the healthcare sector and how it has become a target for cyberattacks. In addition to healthcare, the retail industry is an arena that continues to experience significant increase in the amount of security incidents. To elaborate, according to PricewaterhouseCoopers LLP, security incidents in the retail industry increased 154% in 2015 from the previous year.
Obviously, 154% is a devastatingly high increase for retailers. In order to solve the problem, retailers must first understand where the issues stem from: what, or who, is causing the skyrocketing number of security incidents in the retail industry?
PwC’s Global State of Information Security Survey of 2016 provides insights into cybersecurity in the retail sector, as well as reasons for security incidents. Here are the top 4 causes of retail security incidents as outlined by PwC, and how to avoid them:
1. Current Employees
In 2015, 34% of retail and consumer organizations cited current employees of their business as the cause of data breaches, according to PwC. In fact, the carelessness of current employees at organizations has been cited as a top risk to the security posture of companies in various industries. Ponemon Institute found that the majority of employee errors did not include malicious intent.
The top two insider risks that involved current employees are data breaches caused by a careless employee that unintentionally exposes sensitive information or succumbs to a targeted phishing attack, according to Ponemon. However, despite the fact that many data breaches are inadvertent and rooted in employee negligence, companies must be aware of malicious insiders as well, or current employees who deliberately expose private data.
So, what leads to data breaches attributed to current employees? It turns out that although companies are fully aware of the risk current insiders pose, employee security awareness and training programs are continuously falling short. 60% of business leader respondents in Ponemon’s Managing Insider Risk through Training & Culture study of 2016 believe that their employees have little to no knowledge of company security risks. In addition, many respondents say their training programs do not offer training on risks of major data breaches.
To avoid data breaches caused by malicious intent or outright negligence of current employees, retail companies must provide adequate training for employees regarding the risks of data breaches. Ponemon also recommends that companies create a culture surrounding the reduction of insider risk that inspires employees to exercise best security practices to protect confidential data.
2. Past Employees
The second highest cause of retail security incidents plaguing retail companies is former employees. Earlier this year, the UK communications regular, Ofcom, experienced a major data breach as the result of a former employee secretly collecting private company data over the timespan of 6 years.
The former employee accessed confidential company data through security gaps in the company’s third-party data. Retail companies can avoid data breaches caused by third-party security gaps through investment of vendor management services. Retail organizations need cybersecurity companies, like us, to come in and perform thorough vendor assessments to ensure the security of their networks. Proper third-party vendor assessments require expert staff that have an extensive understanding of third-party security. In general, companies lack the time and staff to perform comprehensive vendor assessments, which puts their company at risk for a data breach, similar to the case of Ofcom.
Don’t let data breaches attributed to third-party security damage your brand image – ensure your vendors’ security with our Vendor Management Services.
3. Third-Party Providers
Tying right in with the last point, the third leading cause of retail security incidents in the industry is third-party vendors, according to PwC. While you’re probably aware that companies must assess their vendors’ security for compliance, you must ensure that this evaluation process is completed at least once a year.
At NuHarbor, we manage your third-party vendors so you can focus on managing your business. Be confident in your network’s security with our vendor management services.
21% of retail and consumer companies report security incidents as being caused by hackers, making hacking the fourth leading cause of security breaches in the retail industry, according to PwC. Often times, hackers utilize phishing and malware to acquire confidential data, according to BakerHostetler.
Retail companies can avoid falling victim to phishing and malware attacks by implementing an effective information security plan for their business and educating employees on how to identify and avoid scams.
For more information regarding security risks and causes of security incidents in the retail industry, download The Global State of Information Security Survey of 2016 by PwC.
by Amanda Vincent
Information Assurance Analyst
Amanda Vincent is an Information Assurance Analyst for NuHarbor Security. She works closely with our Assurance team to deliver compliance audits, gap and risk assessments, and vendor assessments. Amanda has experience with the creation of policies, standards, and procedures that help companies align with their desired industry framework. Her efforts help organizations successfully and safely use information systems to support business objectives.