LP Magazine

JUL-AUG 2014

LP magazine publishes articles for loss prevention, asset protection, and retail professionals covering shrinkage, investigations, shoplifting, internal theft, fraud, technology, best practices, and career development.

Issue link: http://digital.lpportal.com/i/352439

Contents of this Issue

Navigation

Page 16 of 68

BUILDING A NEW DEFENSE TEAM A s technology draws us deeper into a new age of business enterprise, we are continuously bombarded with waves of challenges and opportunities involving those with malicious intentions. These attacks come at us from every direction as the ingenuity of these criminal minds seek new and creative ways to infiltrate our information resources and engage in cyber warfare against our businesses. In order to survive these reprehensible intrusions, retailers must fight back. We have to defend our ground and take the necessary steps to combat the threat. This requires that we build and recruit the resources that will help us win the battles. We must become cyber warriors in our own right; defending our computer and information systems against those seeking to seize and exploit the lifeline of our business. Hackers and like-minded mercenaries wage war using information technology to assault our computers and information systems through cyber-related strategies. In the retail space we primarily have thieves looking for personally identifiable information that can be exploited and turned into cash. But there are other groups as well. There are groups targeting organizations for their research-and-development assets, intellectual property, and corporate strategies. There may also be other motivations. To win these wars, we must find better ways to secure our systems by building awareness, educating our teams, finding and closing vulnerabilities, and developing collaborative strategies to protect our resources and defend our customers and our companies. Our greatest opportunity to overcome these intrusions is through a comprehensive approach that includes information sharing and best-practice protocols that support a joint defense team. This is a shared responsibility that will not only demand innovative thinking, but joint cooperation throughout an organization…and the industry. To prevail over this imposing threat to the business, we have to work together. A team is typically at its best when the offense and defense work well together. LP Magazine intends to take this fight to the offensive by providing information and resources that can be used to support our efforts and strengthen our sentinel. In the process we've attended multiple seminars and interviewed several industry-leading thought leaders and cybersecurity experts to provide a more comprehensive perspective on the subject. The Influence of Retail "Retail is the lifeblood of the American economy," remarked Michael Chertoff at this June's National Retail Federation (NRF) LP conference. "Having a safe space to operate is critical to the successful operation of the business." According to the U.S. Department of Labor, the retail trade sector is the nation's largest employer, with approximately 15.3 million jobs as of May 2014. Further studies show that total retail sales in the U.S. topped $4.53 trillion in 2013 (EMarketer.com), representing 27 percent of nominal U.S. gross domestic product, or GDP. While no surprise to those leading the industry, these numbers make it quite apparent that cyber threats can not only impact the retail sector, but can also have a substantial influence on the growth and stability of our economy as a whole. Chertoff, the former secretary of the U.S. Department of Homeland Security and now the executive chairman and cofounder of the global security advisory firm The Chertoff Group, feels that cybersecurity issues have not received the type of front-line attention that some of the more visible and obvious risks have obtained. With some of the more recent incidents that have brought the issue front and center, it is becoming increasingly clear that these types of threats must become a business priority. "We've seen broad exposure of systemic vulnerabilities in our company infrastructures," Chertoff said. "Businesses are collecting more personal information about customer preferences, locations and behaviors, not to mention credit card numbers. Organized groups have become very sophisticated in their efforts, using strategies that are complex and well-planned." Did you ever consider that something as simple as a thermostat could leave your company vulnerable to a cyber attack? To help keep customers comfortable and shopping at a store, it's common for retailers to routinely monitor temperatures and energy consumption in stores to save on costs and to alert store managers if temperatures in the stores fluctuate outside of an acceptable range. Often this process is completed with the assistance of an outside service provider with specific expertise to keep the system efficient and cost-effective. Yet this seemingly mundane, unassuming process opened the door for access into a company's database, leading to one of the largest, most damaging data breaches in retail history. Whether the vulnerabilities are introduced by employee errors or negligence, disgruntled employees, partnering companies, or "Data security is about risk management, not risk elimination. There has to be a strategy for managing the risk built on realistic expectations. You have to understand what you're facing so that you can make intelligent decisions. There must be a full understanding of the threat, of the consequences, and an assessment of the company's weaknesses and vulnerabilities and how they fit within the business." – Michael Chertoff 16 JULY - AUGUST 2014 | LPPORTAL.COM

Articles in this issue

Links on this page

Archives of this issue

view archives of LP Magazine - JUL-AUG 2014