Cyber incidents are rising and already hitting those in retail and FMCG. See the incident with KP Snacks earlier this year, which stopped the business from processing or dispatching orders. Such an event can be crippling, hitting not only the business itself but also its supply chain. Sadly, such incidents are neither new nor unusual, but this isn’t translating into awareness across the retail sector.
When a colleague spoke at an event for the Federation of Independent Retailers recently, what became clear was the disconnect between the rise in cyber incidents and how they might impact the retail industry. It’s no longer acceptable to believe ‘this is someone else’s problem’. No organisation is immune from cyber crime – irrespective of size or sector – and it’s not a case of if an attack will occur, but when. Tesco is one of the first to recognise this issue and take proactive steps, by conducting a cyber attack stress test for the first time.
Becoming cyber resilient starts with an awareness of where and how an attack might strike and taking proactive steps to respond. While businesses and systems vary, the most common types of attacks that retailers should be vigilant for are phishing emails, vulnerabilities in the supply chain, and ransomware attacks. Here’s what every business should be doing.
Don’t think you’re immune
Every networked digital device faces the threat of attack. Devices such as tills, printers and card machines can all offer a hacker access to your system. Last December, we saw an example of this, with 300 Spar stores across the north of England unable to take card payments after an attack on its tills and IT system operator. The lesson is: know the systems your business interacts with and be alert to their security vulnerabilities. Ask suppliers and service providers how they store data, what cybersecurity precautions they take, and how they would communicate an attack involving your data. It could save you time and money in the long term.
Even if your team doesn’t have the technical know-how, many tools and resources are available to increase your knowledge on the subject and teach you how to respond to an attack. The National Cyber Security Centre is a great place to start, but there are other organisations in the devolved nations which can support you. Being proactive in your cyber resilience is vital.
Invest in security measures
When compared with the possible eye-watering costs of a cyberattack, investment in IT security measures is worthwhile. Possible financial impacts of a cyberattack can include lost sales from operations outage or loss of stock (particularly fresh produce). However, there will also be costs associated with repairing the attacked system – particularly if you own the system. Data from Hiscox estimates that a cyber incident costs an organisation on average £11,000 – though in my experience it can be significantly higher.
Plan for the worst eventuality
The single best way to improve your cyber resilience is to create an incident response plan for an attack. This doesn’t need to be complex (particularly if you’re part of a small team or working alone) but it must outline key actions and roles to get the business operational again. It should also include:
- The channels or updates you need to keep staff or customers informed
- Relevant contact details for suppliers or service providers
- Assigning responsibilities for staff or managers to get operational again
- Details for organisations that can support you.
Ultimately, it’s important retailers don’t hide from the ramifications a cyberattack could have on their organisation. As awareness continues to rise, I hope we will soon see even more proactivity in being cyber aware and resilient. While we enjoy the many benefits that technology brings, we should never lose sight of the responsibilities of using it – particularly if our livelihood depends on it.