Traditionally, businesses have prioritised risks that affect their operations on a day-to-day basis, such as the expansion of a competitor business, or the reliability of the supply chain. However, these are only the tip of the iceberg when it comes to risks that retailers face.
Too often, retailers undermine the severity of an insidious, less visible risk: data security management – until it’s too late. When left unnoticed, the risk of inadequately secured data can grow with detrimental impact.
According to recent Veritas research, over one-third of Australian organisations are underestimating their level of risk. In fact, 40 per cent of businesses when initially surveyed felt they were not at risk; it was only upon further prompting that almost 99 per cent of participants identified at least one risk to their organisation.
Quite clearly, while risk can come in many forms – from economic uncertainty, regulatory requirements and talent shortages – it is not immediately recognisable to many Australian businesses. So what happens when a new, emerging risk enters the equation?
Recent data from the Australian Cyber Security Centre found that the retail sector has become a prime target for cyber attacks, trailing only behind financial services and healthcare. With one cyber report recorded every ten minutes, and a combined annual loss of AUD$300 million across the industry per year, cyber attacks are clearly a real risk for Australian retailers.
In a jungle of hurdles and risks, it can be difficult for retailers to navigate and prioritise the risks they face. However, with 41 percent of Australian businesses already pinpointing data security as a key risk in the Veritas research, the importance of data security cannot be ignored.
As a first port of call, any retailer must work towards operational resiliency. That is the ability of a business to not only prevent, but effectively recover from disruptions and risks to its critical business operations. This resiliency better prepares retailers for emergencies, and ensures that operations can continue in a potential cyber attack.
Practice makes perfect
Have a well-equipped and rehearsed contingency plan to help ensure protection against future cyber attacks. Effectively, retailers would be able to isolate threats and mitigate their effects, preventing disruptions to businesses. All bases should be covered, and be practised regularly to ensure familiarity with roles and responsibilities during an attack.
IT teams should attempt to quarterly hold regular tabletop exercises to ensure all team members are prepared to activate at any given time. Regularly reviewing a contingency plan will also assist in identifying whether retailers can improve, refine and update their methods in responding to future security threats.
Maintain cyber hygiene
Ensure direct and third-party staff are trained and, more important, regularly re-trained on operational resilience procedures in the face of an attack. Placing all trust in a third-party provider can lead to updates being missed and a lack of individual responsibility and awareness in critical communication procedures.
Retailers should also regularly refer to industry organisations, such as the Australian Cyber Security Centre and Australian Signals Directorate, that can help keep up to date with best practices and emerging threats from cyberspace.
Keep your cool
With the growing pressures of the economy, it can be difficult to remember the drastic risks that data breaches can have on retail businesses. It is easy for retailers to unconsciously adopt an optimism bias amid the growing threat of emerging technologies.
But to mitigate, prevent and minimise risk, retailers must act now. In line with the rapid rise of new technologies, businesses should seek to grow and adapt, evolving their processes to improve cyber resilience. It is only when members of a business adopt a holistic approach and all come together by unifying data security, data protection and data governance, so that businesses can proactively mitigate threats and achieve operational resiliency at all times.
Pete Murray is managing director for Australia and New Zealand at Veritas Technologies.