British retailers must not lose sight of the wider cyber security threats facing the sector, after the recent Heartbleed IT disclosure. The call by Seth Berman, executive managing director of Stroz Friedberg and a former Assistant US Attorney, follows the discovery of an unprecedented flaw in the encryption standard used by millions of websites and IT systems. Seth Berman heads Stroz Friedberg’s UK team, a cyber security, investigations, intelligence and risk management company.
“The retail sector is a prime target, as incidents elsewhere have clearly shown, but there is a real risk that the focus on Heartbleed will leave other areas increasingly vulnerable. British retailers are not immune. Data breaches have already happened, both as a result of data theft from within a retailer’s own organisation and hacking by criminal gangs. The likelihood of significant cyber incidents happening now or in the future, is very high.”
According to the British Retail Consortium, the majority of retailers see cyber attacks as a critical threat to their business, with nearly two thirds of UK retailers targeted by hackers in the last 12 months.
“Significant progress has been made in the development of sophisticated inventory loss systems but retailers are also data companies, almost more than they are merchants. Such information is valuable, as witnessed by a growing and significant black market for personal and corporate information. There is an urgent need for all retailers to pay greater attention to the value of the data they hold about their customers and that can be used by criminals to make money.”
The firm suggests that moves to improve cyber security at retailers in the United States after costly data breaches, may increase the pressure on UK retailers. Seth Berman said: “As security defences elsewhere are heightened, the risk of cyber attacks on Britain and other European countries is likely to grow. Action is required now and UK retailers cannot assume that cybercrime is a particular US phenomenon. Rather than counting their luck, such risks are equally applicable to UK retailers.
Seth Berman added: “Without a clear commitment to addressing such emerging risks, which must go hand-in-hand with a focus on developing a broader strategy to improve cyber resilience, there is a considerable danger of financial and reputational harm.
“Criminals will look for the weakest link, within a retailer’s own organisation or elsewhere in the supply chain. Hyperconnectivity has allowed the sector to get closer to customers and suppliers and such advancements have created new platforms for growth. However, security vulnerabilities may have been created and retailers must, therefore, take steps to rethink their systems, assess cyber resilience and get ready to tackle incidents that will eventually occur.”
