store business owner packing clothes for delivery

Cybersecurity problems in retail: 3 cybersecurity pain points & how to solve them

Summary

Tips on how to solve cybersecurity challenges and pain points in retail.

Time: 8 minute read

As the retail customer experience evolves, you’re enhancing the shopping experience by expanding your digital footprint, deploying more complex technology, and adopting more cloud-based services.

Now more than ever, it’s critical to proactively monitor, manage, and mitigate potential cybersecurity attacks before they lead to costly disasters.

The cost and impact of a retail data breach or cybersecurity problems in retail

According to the 2022 IBM Cost of a Data Breach Report, the average global cost of a retail data breach in 2022 was $3.28 million. What’s more, the report indicates that 60% of the organizations studied were forced to raise the price of their products or services because of the breach.1
 
The costs involved in retail data breaches or cyberattacks are jaw-dropping. For example, a popular convenience chain recently made headlines for paying $8 million to end an investigation into a credit card breach affecting about 34 million customers.


Data breaches lead to indirect and long-term effects like negative press, loss of trust, and lost business from once loyal customers. Keep in mind the costs of a data breach go beyond funds possibly stolen from the company or its shoppers, but also the financial responsibility involved, such as:

  • Attorney fees should a class-action suit occur
  • Compensating customers either with cash or credit and identity monitoring services
  • Repairing the breach and preventing future cyberattacks
Whether your retail business accelerates via brick-and-mortar shops or online, each new store or website becomes a sitting duck waiting for a breach or cyberattack. In this article, we’ll look at three cybersecurity pain points retailers face and ways to solve them.


 

1. Limited IT resources

The labor shortage first fueled by the pandemic has extended well into 2022, leaving many employers desperate to fill open positions. Everyone knows how hard the retail industry has been hit. According to PeopleReady's U.S. Workforce Trends Quarterly Report, over 1 million new retail jobs were posted during the first quarter of 2022.2
 
Faced with a massive shortage of retail workers – cybersecurity employees are always in high demand. The ISACA State of Cybersecurity 2021 Report says 16% of respondents admit it takes six or more months to fill an IT position. Unfortunately, an average of 50% of hiring managers surveyed also said they aren’t confident that applicants are well-qualified.3
 
As retailers continue to innovate and enhance the customer experience, they’re deploying drones, robotics, self-checkout, and more. Many talented IT staffers are needed to ensure that technology is operating correctly and that networks and data are secured.
 
In January of 2022, Forbes highlighted the IT staff shortage in an article titled, The Widening Cybersecurity Talent Gap and Its Ramifications In 2022:
 
“Over the past few years, one issue has remained prevalent and will continue to be as we head into 2022: a cybersecurity manpower shortage and talent gap. This is becoming a more recognizable problem as companies come to grips with the reality of cyberattacks, crime, and the havoc they’re bringing on their victims. These aren’t just big names covered by the media; they're businesses next door that might’ve already become a cybercrime statistic.”4
 
Some retailers have corporate staff working remotely to help with staffing shortages. Remote devices that aren't correctly connected or equipped with security capabilities can leak sensitive account information. Hackers can quickly gain access to your network through a remote connection and deploy ransomware or steal valuable customer data, resulting in a breach and loss of business operations.

 

Solution: Partner with a managed cybersecurity service company

By outsourcing technology services to reputable IT organizations, retailers can enable secured remote and hybrid workers.
 
Working with a managed cybersecurity services company or third-party cybersecurity service can strengthen enterprise IT teams. And in an era when endpoint and network security extend beyond traditional perimeters, 24/7/365 monitoring and reporting together with advanced technologies give you better-secured data, compliance, and peace of mind.
 
Cybersecurity services like vulnerability testing and security assessments can deliver valuable information and boost your retail chain's security posture. At the same time, other tools like identity access management (IAM) simplify how you manage and protect business information. But do you have the resources and staffing?


By outsourcing IT, you can:

  • Improve scalability allowing you to adapt to change quickly
  • Remain competitive with state-of-the-art protection other retailers have access to
  • Upgrade tech support for your onsite and remote employees
  • Optimize your team and gain much-needed guidance on IT infrastructure solutions
  • Minimize downtime with IT experts available 24/7
  • Gain added cybersecurity protection with a dedicated team that can identify vulnerabilities and mitigate threats
Outsourced security and IT professionals have you covered, allowing you more time and energy to focus on your customers, products, services, and retail marketing.

 

young woman shopping online with smartphone and making payment online with credit card

2. Lack of comprehensive security

We see a heightened urgency to implement more robust, holistic, strategic security today. That urgency derives from several factors:

  • Increased cloud service usage outside of network perimeters
  • Remote work has obliterated the idea of network perimeter
  • Ever-expanding “hybrid” work practices
COVID-19 accelerated the need for cloud applications to keep everyone connected, productive, and communicating anytime, anywhere. Related to the increased surge in remote work, 2020 saw a dramatic rise in cyberattacks, especially ransomware – making security a priority for all organizations.

 

Retail organizations need a continuously evolving set of cybersecurity standards that shift defenses from traditional static, network-based perimeters to focus on users, assets, and resources.

 
Flexible, hybrid workstyles create a myriad of security challenges. So, how can retail leaders keep businesses and employees secured?
 
Your employees work anywhere and everywhere – in the field, in warehouses, doing store walks, in their home offices, at conferences, etc. A secured infrastructure is needed to let them safely work, connect, and collaborate from anywhere. They – and the information they're working with – are exposed to new points of vulnerability.
 
As retailers, you need a holistic security solution as you implement automated solutions or devices in warehouses and stores. Your employees use many IoT devices outside of standard office and computer parameters. They’re working with barcode scanners, mobile payment devices, self-checkouts, cash registers, and card readers, just to name a few. Are these devices and systems truly secured?
 
A third-party IT security vendor can help install and deploy new automated equipment and assist with increased cloud service and security outside of network perimeters.

 

Solution: Implement a Zero Trust security model

Consider taking a Zero Trust approach to protecting your employees and information. Since the pandemic, you have been forced to innovate your security measures. You’ve most likely moved to the cloud and have automated security and compliance processes.
 
Zero Trust, sometimes called perimeter-less security, is a security framework where every user or device must be authenticated and validated before gaining access to any business system, application, or asset(s).
 
Traditional retail organizations' current perimeter-based security model isn't practical between IoT-connected POS systems, drones, delivery robots, and more. To stay ahead of these trends, retailers must adopt a Zero Trust model.

Zero Trust systems always validate access for all resources to ensure only authorized and approved individuals are accessing data. It shifts defenses from traditional static, network-based perimeters to focus on:

  • Users – Anyone with access to your system, including vendors, staff, and contractors
  • Assets – Where your information and data lives
  • Resources – Tools used to protect your information
Zero Trust security model or architecture in retail requires a multi-layered approach. Its core principle is that all people and all devices, inside and outside the network perimeter, should never be trusted. Additionally, Zero Trust assumes that internal and external threats always exist on the network. All devices, users, and data flow must be authorized and authenticated.

Technologies often used in Zero Trust include:

  • Multi-factor authentication (MFA)
  • Advanced endpoint protection
  • Event isolation technologies
  • Data encryption
  • Identity management and protection
  • Secured messaging
  • Asset validation before connection
Gartner predicts that 60% of all organizations will embrace Zero Trust as a starting point for security by 2025.5 However, more than half will fail to realize the benefits – Zero Trust must become a vision throughout organizations. Retail leaders must promote clear communication that ties it to business outcomes to achieve the benefits.
 
Related content

 

 

3. Human error

A popular financial company made headlines because of a social engineering cyberattack. A malicious actor tricked a customer service employee resulting in the attacker gaining access to over 5 million email addresses and 2 million names. 
 
The 2022 World Economic Forum states that 95% of cybersecurity breaches are due to human error.6
 
“Ransomware poses a clear and present threat to companies today. Attacks are increasing in frequency and also in sophistication. But a lot of addressing the issues goes back to educating people and driving a security culture that addresses that human element factor and builds processes that help eliminate the likelihood of human error … which more often than not is the root cause of the attack,” says David Levine, Ricoh Chief Security Officer.
 
People and employees continue to be the weakest link in the cybersecurity chain, so training them on cybersecurity best practices is vital. Developing creative and educational cybersecurity programs that help your employees recognize, report, and avoid malware, phishing, social engineering, and ransomware threats is a must.  
 
Employees are the gatekeepers to the company network. Cyber attackers know this and will do anything to gain access. The most sophisticated attacks regularly target even the tech savviest employees and CEOs.
 
Unsuspecting employees are easy targets. For example, social engineering allows attackers to prey on even the brightest executive who innocently provides info and company updates on LinkedIn. A phishing email threatens your network when sent to your accounting team disguised as an invoice.

 

Solution: Ongoing cybersecurity training for employees

Cybersecurity education programs go beyond onboarding new retail employees. Continued and updated education is necessary to keep your customers’ data safe and prevent your company from pricy ransomware or cyberattacks.

Experts say that today’s employee cybersecurity training should:

  • Consist of bite-sized 10-15-minute sessions, so it’s easier to digest
  • Occur quarterly, making it simpler for employees to squeeze into their schedules
  • Engage employees – for example, providing them with information and examples of how to protect themselves both personally and professionally
Why not team up with a company specializing in employee cybersecurity awareness training? Training programs are an engaging way to educate your retail employees on handling different cybersecurity situations.
 
Though you can never fully eradicate human error, a robust end-user training and education program is invaluable to your defenses. It should become part of a larger plan to minimize potential points of attack and mitigate the damage when an attack occurs.
 
Consider implementing mock hacks and phishing email attacks to test employees and identify areas where staffers require additional training on cybersecurity best practices, policies, and protocols.
 
Focus on topics like:
 
  • Suspicious URLs or domain names
  • Emails requesting personal information, containing odd messaging or typos/grammatical issues
  • Opening email attachments from unknown sources
  • Using the same password for multiple sites
  • Benefits of a secured password manager
  • Risks of using public computers or unsecured wireless connections
In addition to running network assessments and updating software, if working with an outsourced IT team, have them assist with employee cybersecurity education. Ensure they perform frequent staff training programs that give your teams the information and tools to stay compliant and avoid costly mistakes that could lead to dangerous data breaches.

 

Final retail cybersecurity takeaways

Cybersecurity risks are ever-present as threats continue to become more sophisticated. At the same time, rapid change in retail industry competition, compliance, economic conditions, staffing issues, and new and legacy technologies can expose you to data breaches that could cost billions.


Don't fall into the high-cost trap of not doing enough, or worse, doing nothing. Reliable, always-on cybersecurity needs always to remain top of mind.


Visit the Ricoh Cybersecurity Solutions page to discover best-in-class solutions and technology to safeguard your retail business against the latest threats.


When it comes to cybersecurity for retail, we've got your back! Connect with one of our representatives today.

Recommended for you

Driving a security culture Human error accounts for 8 of 10 data breaches! Our Chief Security Officer David Levine shares how to address the risks and build a security culture.
What is Identity & Access Management? | Complete Guide IAM is a framework for IT managers that helps control access to critical information. Learn all you need to know about IAM in this guide.
How to avoid ransomware Ransomware can make you lose time and data, making it imperative that you know how to avoid it. We share tips and best practices in this article.
1https://www.ibm.com/security/data-breach
2PeopleReady's U.S. Workforce Trends Quarterly Report, https://www.prnewswire.com/news-releases/hospitality-and-retail-each-saw-over-1-million-job-postings-in-q1-2022-new-report-by-staffing-giant-peopleready-301542861.html
3ISACA State of Cybersecurity 2021 Report, https://www.isaca.org/go/state-of-cybersecurity-2021
4https://www.forbes.com/sites/forbestechcouncil/2022/01/28/the-widening-cybersecurity-talent-gap-and-its-ramifications-in-2022/?sh=7d489fa75398
5https://www.gartner.com/en/newsroom/press-releases/2022-06-21-gartner-unveils-the-top-eight-cybersecurity-prediction
6The Global Risks Report 2022 17th Edition, https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf
Close Chat
HelpChoose A Topic