Retail just got personal. In the digital age, it is no longer enough to market to the masses.
Retailers, both online and offline, want to tailor messaging, special offers and services to smaller and more targeted groups of customers to encourage them to value the brand.
In a recent report ‘Digital Business Era: Stretch Your Boundaries,’ commissioned by Accenture, the consulting firm stated that businesses are creating highly personalised experiences that engage and exhilarate consumers without breaching their trust.
While this is encouraging, consumers are still concerned about the safety of their personal data shared with brands and organisations online. The concerns come with good reason. The retail industry is the third most likely industry to be subject to cybercrime, behind government and financial services, according to consulting firm PwC. in its findings on the “Global Economic Crime Survey 2016.”
But as the Middle East retail industry continues to transform, digitise and embrace mobile payment technology, what are the greatest threats it’s facing today? A look back at some of the biggest cyber security attacks in the past reveal that the retail sector has had its fair share of well-publicised attacks, where millions of people’s identities, credit and debit cards data were stolen. It’s for this reason that information security is becoming increasingly important to retailers.
At the same time, irresponsible handling of data is quickly becoming a corporate risk in terms of reputation, customer attrition and, governance and regulatory compliance. Throughout the data supply chain, protecting client data is essential to retaining customer trust.
Consequently, the growing status of personal data in retail raises three fundamental questions: What is the threat? Are retailers ready for it? And what should they do?
Let me tackle these questions by looking at the growing cyber threats in the Middle East.
In November 2016, it was widely reported that hackers had conducted a series of destructive attacks targeting Saudi Arabia over a two-week period. The attacks involved the use of malware and targeted the government, public and private sectors.
It’s safe to say that as the volume of attacks changes, the perpetrators are also evolving. They are well organised and well-funded. They have sophisticated technical skills to create custom malware for very specific targets. Moreover, almost anyone with malicious intent can purchase malware and rent botnets on the Dark Web – an area of the Internet not indexed by commercial search engines.
The increasing ferocity of cyber threats comes as retail companies’ IT environments have become more varied and complex. Legacy industry-specific systems and enterprise resource planning (ERP) might still run the nuts and bolts of the business, but new Internet of Things (IoT)-related technologies are also entering the fray.
So how should retailers build better defences?
Businesses leading the fight against cybercrime understand that, to mitigate attacks, they need to monitor threat activity, gather intelligence and create processes that respond automatically.
While organisations currently collect information about security breaches within their firms, too often the activity is not co-ordinated or well managed. Those responsible for IT security in retail companies can gather data from a number of sources, including firewalls, intrusion detection systems, application gateways, antivirus and anti-malware software.
But there is a problem. These “security sensors” provide so much data that the situation might be likened to a fire hose pumping information about events at the rate of tens of thousands of gigabits per hour. This intense stream of data can effectively blind a security team to any real threats, as they become difficult to distinguish from background noise. The volume of data also makes a rapid response impossible.
As threats change, so must the response. While firewalls, antivirus software, intrusion detection systems and endpoint security all play their part, they are insufficient to defend against the threats retail companies now face. Hackers often sniff out weaknesses in defences long before they launch an attack. Strategies that only aim to keep out attacks are failing and have failed in some of the largest attacks to hit the headlines. So what’s the way forward?
For starters, retail companies need a new approach to managing the data output from security tools. Leaders in the field are adopting the idea of security intelligence.
The role of security intelligence is to unlock the insight contained within this security data, helping organisations clearly identify those threats that could cause damage and provide the information necessary for a rapid response.
The main aim of security intelligence is to deliver the right information at the right time with the appropriate context to significantly decrease the amount of time it takes to detect and respond to damaging cyber threats.
The LogRhythm Security Intelligence Maturity Model (SIMM) helps companies understand their business risk posture based on their security intelligence capabilities. The model offers a compelling framework to help organisations advance in their journey to combat advanced cyberattacks while simultaneously restoring confidence in the Internet.
Likewise, leading retailers, which know how consumer trust drives business, understand the need to monitor cyberattacks that penetrate the perimeter and have the intelligence they need to protect customer and business data while neutralising the threat. Those that do not will struggle to grow in the new era of personalised retail.
Subscribe to our monthly newsletter
Keep a pulse on the latest business news in the Middle East. Subscribe now.