Are Data Breaches the New Reality for Retail?
As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. Lines are now blurred between physical and digital experiences. And criminals are moving online. At the same time, customers expect faster checkout and order fulfillment, both online and offline. While retailers digitally transform their businesses to better serve the higher demands of their customers, they're being challenged with safeguarding personal data to protect customers, partners and suppliers’ critical information. The more that new technologies like cloud, big data, Internet of Things (IoT) and mobile payments are used to provide an exceptional customer experience, the bigger the cybersecurity challenge.
As retailers expand their digitization, they need to continually address cybersecurity since the challenge to secure critical and confidential data will only increase. This sentiment is supported by global data released this month by Thales eSecurity in the Retail Edition of the company’s 2018 Thales Data Threat Report, which polled 1,200 IT security managers from eight countries and across four major verticals, including insight from 100 U.S. senior retail IT security managers and 96 IT security managers from retailers across the globe.
The report shows that 95 percent of U.S. retail organizations will use sensitive data in an advanced technology (cloud, big data and IoT) environment this year, a clear target for a potential cyber threat. It also suggests that while retailers are increasing IT security spending this year, they admit having been breached in the last year. In fact, this year’s report showed a massive increase in data breaches, with 50 percent of U.S. retailers experiencing a breach in the last year. This is in sharp contrast to last year’s report, which revealed only 19 percent experienced a breach.
Other key findings from this year's report include the following:
- Retailers are beginning to understand the risks. Nearly 95 percent of U.S. retailers admit their exposure to data breaches. What’s more, almost half are aware they're extremely vulnerable (a 30 percent increase from last year’s report).
- U.S. retailers, especially, need to focus on data protection. U.S. retailers are found to be more inclined than retailers in other countries to store sensitive data in advanced technology environments for digital transformation. Seventy-five percent of U.S. retailers have experienced at least one breach in the past, as compared to 60 percent of global retailers. Only 26 percent of U.S. retailers are implementing encryption in the cloud today.
- Encryption and tokenization steal the show when it comes to securing emerging environments. Data shows that 67 percent of U.S. retailers are planning to implement database and file encryption this year. Moreover, they cited that two of the top tools needed for additional cloud use in their environments are encryption with enterprise key control and cloud provider key management.
So, what should retailers take away from this data? First and foremost, retailers need to reassess their IT security toolkit. Traditional endpoint and network security simply don’t cut it in today’s digital world. Retailers need to engage with data security vendors that offer service-based deployments and data protection technologies to protect sensitive information even in the event of a data breach. Next, retailers should look at compliance as more than a mandated check-box. Data shows that while more than two-thirds of U.S. retailers still have considerable faith in compliance mandates, they're still being breached. Retailers need to take a step past compliance and consider adopting tools like encryption and tokenization that provide more comprehensive data security, especially as companies embrace the cloud and consumers use of new payment technologies.
While data breaches might be the new reality for retailers, organizations that have a comprehensive data security strategy across their entire environment, including encryption, can protect their customers’ information wherever it's created, stored or shared.
Peter Galvin is chief strategy and marketing officer at Thales eSecurity, a provider of advanced data security solutions and services.
Related story: What Modell's is Doing to Protect its Customers’ Data