Retailers Must Be More Cooperative and Proactive on Cyber Threats
By Charles Tendell, Azorian Cyber Security
The retail sector has been targeted and damaged by high-profile cyber security incursions, resulting in a loss of customer confidence and a move by retailers to upgrade security measures in the constant battle against criminal hackers. Security threats exist at multiple points in the retail chain, from point-of-sale systems and online purchasing to employee access to sensitive information. It’s part of a dizzying trend, reflected in research by the Ponemon Institute showing that the personal information of nearly half of all Americans has been exposed by hackers in the past year.
There are two strategies that, when combined, will help the retail sector be more effective in the fight against cyber crime. One strategy goes against the traditional thinking of business leaders: sharing information more actively with competitors. Through industry association leadership and respected luminaries in the retail sector, the industry can move toward an understanding that there’s strength in numbers and cooperation. There’s no benefit to guarding helpful information and best practices when, the next time around, it might be one’s own organization that could benefit from the information sharing of others. Retailers are facing a common enemy in criminal hackers, and it makes good sense to team up as an industry.
The second strategy is to become more proactive and aggressive in identifying cyber threats ahead of time, while these threats are still being developed. The retail sector and most industries are lagging behind hackers because hackers are focused on one task and constantly evolving it, while many retailers are still learning the distinction between traditional IT security and what it takes to defeat hackers.
One baseline tool retailers must implement is penetration testing: conducting ongoing self-evaluation of systems, processes and policies in an effort to stay ahead of the curve. However, penetration testing is not enough to identify new threats ahead of time; active threat intelligence is needed to fill the gaps in penetration testing and to implement a truly dynamic and aggressive cyber security protocol. Retail hacks often go unnoticed by companies or customers until weeks or months after the intrusion, creating far more damage.
Active Threat Intelligence
Retailers should monitor the ‘deep web’ to identify advanced persistent threats, such as point-of-sale malware, the latest in credit card skimming capabilities and a wide range of Trojan horses, before criminal hackers implement them. Only by staying ahead of the curve on a constant basis can retailers have a chance to combat these and other nefarious activities. It’s similar to having a tornado warning; even a bit of notice can go a long way. Having time to understand each threat and prepare defenses is key to staving off hacking threats.
This type of aggressive cyber security is not typically implemented by a traditional IT department, but by ethical hackers who work and lurk in the same places as criminal hackers yet use their knowledge to protect businesses and consumers instead of damaging them. Ethical hackers monitor and participate in message boards, chat rooms and other online sites, as well as hacking conferences, where the most current information on what’s coming next appears before techniques are implemented against businesses and consumers. This is how ethical hackers create the warning time needed to implement defenses.
Proactive, stringent internal policy and clear employee communication are also important factors in cyber security, as employee mistakes and malicious behavior can be highly damaging. These issues can be minimized by proper policies and clear communication about those policies. There’s a deterrent aspect when retailers make it clear to employees that cyber security is a priority and the company’s actions reflect this priority. Important internal policies include: written agreements of confidentiality and clear descriptions of consequences for willful breaches of agreements; delineation of access to information based on position/need; sound IT structure to manage key issues such as mobile device interface with company systems; and ongoing communication with employees through multiple channels.
Three Predictions for the Facebook ‘Buy’ Button
So the news is out that Facebook is testing a new “buy” button designed to help businesses drive sales in News Feed and on Pages. This feature will let consumers click the “Buy” button on ads and page posts to purchase a product directly from a business, without leaving Facebook.
While some retailers and brands are now conducting actual e-commerce from their Facebook pages, the “buy” button could substantially increase Facebook’s potential as a platform for executing omnichannel transactions. Here are a few predictions on what will happen to Facebook’s standing as a retail application as the buy button gradually shifts from pilot to full rollout.
Facebook Will Drive Store Traffic
Smart retailers will offer, and even encourage, buy online-pick-up-in-store functionality through the buy button. Many consumers prefer the immediacy of picking up an item in a nearby store to waiting for a delivery, and retailers benefit from the resulting increase in store traffic and secondary purchases.
In addition, in-store pickup can allow retailers in the fast-food and grocery verticals to effectively utilize the buy button. Of course the buy button will also drive a lot of online purchases for home delivery, but ultimately it should increase Facebook’s importance to retailers’ store strategies, which is good for Facebook.
Security and Privacy Will Need Addressing
Facebook says it designed the buy button with “privacy in mind” and that payment information won’t be shared with advertisers. Facebook will also let consumers decide if they want to save payment information for future purchases.
This is all well and good, but security and privacy will be a major issue for Facebook to address, especially with lingering controversy over the recent admission that the company tested how newsfeed content affected user moods. While consumers are waking up to the fact that any online activity produces a wealth of individual data that companies can and do use for marketing and research purposes, the highly personalized nature of Facebook makes users especially sensitive to privacy.
There is no immediate means for Facebook to calm consumer fears about the safety of their personal and financial information when using the buy button. But by employing advanced technology to protect consumer data and authenticate user identity, Facebook can in time gain broad consumer trust.
The Kids Won’t Come Back
Anecdotal evidence as well as actual research backs up the notion that Facebook is by and large your father’s social network. Millennials, especially those of high school and college age, are increasingly turning to more visually oriented social networks like Instagram (owned by Facebook) and Snapchat.
Although clicking a button to buy an item directly from an ad is the kind of cool and convenient tech feature that would typically resonate with Millennials, it won’t be enough to bring them back to Facebook. This also means that youth-oriented retailers will be less likely to get seriously involved with the buy button.
The logical next step in the general evolution of social media as a commercial platform is the enablement of purchasing items directly from photos on visual networks such as Instagram and Snapchat. Given its parent company’s related experience in directly enabling social purchases at the click of a button, look for Instagram to be a leader in this area.
Children’s Place board member passes away
The Children’s Place has announced that Lou Lipschitz, a member of its board of directors and chair of the audit committee, has died.
"We are deeply saddened by the passing of our friend, colleague and trusted advisor Lou Lipschitz. Lou’s financial leadership, and passion for our business, enriched our company and our board, and we will dearly miss his dedication, grace and wonderful sense of humor," Norman Matthews, The Children’s Place chairman of the board, said.
Lipschitz had served on the board of directors since 2008, and was the chair of the audit committee and a member of the nominating and corporate governance committee. Prior to joining the Children’s Place board, Lipschitz served as the EVP and CFO of Toys "R" Us from 1996 until his retirement in 2004.