The 2019 holiday shopping season is heading into full swing, and that means both good and bad news for retailers. The good news is that Black Friday and Cyber Monday have become global phenomena, and with online shopping more popular than ever, retailers all over the world are well-positioned for a very happy holiday season.
The bad news is that they’re also facing a cyber threat environment that is more dangerous than ever. The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses (SMBs), conducted by the Ponemon Institute and commissioned by Keeper Security, found that 61% of retailers reported having been victimized by a cyberattack within the past year, and 72% have been attacked within their companies’ lifetime.
Retailers are unprepared to respond as cyberattacks become more targeted and complex
SMBs across all industries told Ponemon that they felt cyberattacks were increasing in complexity and intensity, and the retail industry was no exception. Nearly nine out of 10 retailers (87%) said they felt that cyberattacks were becoming more targeted, 61% agreed that they were becoming more sophisticated, and 67% reported that they were becoming more severe in terms of consequences, such as financial losses. Respondents said that the top three cyberattack methods used against their organizations were phishing (69%), web-based attacks (54%), and malware attacks (40%).
The average losses reported by retailers are a testament to the severity of the fallout from retail data breaches. An average of 7,772 individual customer or employee records are lost or stolen, and the average cost from the disruption of normal operations is $1.9 million. However, despite these sobering figures, half of the retailers interviewed reported having no response plan for a data breach, a figure 11% higher than the average among all industries.
When asked about contributing factors, retailers cited budget one of their top concerns. Just over half (51%) reported an inadequate budget to achieve strong IT security, and 93% reported spending less than 20% of their overall IT budget on security; the average spend was only 11.5%. Retailers also pointed to insufficient personnel (91%) and no understanding of how to protect themselves from cyberattacks (40%) as contributing factors to poor cybersecurity posture.
Secure your employees’ passwords, secure your store
An estimated 81% of data breaches are caused by stolen passwords. Retailers realize the importance of password security to overall cybersecurity posture; 69% of retailers interviewed by Ponemon agreed that passwords are important to defending against cyberattacks. However, 51% admitted to having no visibility into their employees’ password practices.
The good news for budget- and human resource-strapped retailers is that securing passwords doesn’t have to be arduous or expensive.
- Provide employees with continuous training on cybersecurity best practices, including how to avoid falling prey to phishing and other social engineering attacks.
- Conduct regular security audits and encrypt business data.
- Mandate the use of strong login credentials and multi-factor authentication (2FA) on all employee devices.
- Mandate the use of a robust password manager such as Keeper’s business solutions.
Keeper’s business and enterprise password management solutions give retailers visibility into employee password practices that they need, enabling them to monitor password use across the entire organization and enforce strong passwords, 2FA, and other security policies. Each employee gets a private, encrypted digital vault that can be accessed from any device, and companies can set up shared folders for teams, such as individual store locations or departments. Employee permissions can be fully customized through fine-grained access controls based on the role and responsibilities of team members.
The real problem with retail cybersecurity isn’t money but mindset. Deploying a password manager like Keeper is one of the simplest, most cost-effective measures any retailer can take to protect their store from cyberattacks during the holiday season and year-round.
For more information, download the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report.