The Candid Voice in Retail Technology: Objective Insights, Pragmatic Advice

Cybersecurity: Retailers Should Be Leaders


Over the past weeks, we have seen cybersecurity breaches in critical industries in the United States. Ransomware is becoming the most popular form of breach, and in at least one of the two cases, the company paid the ransom and got its pipeline (and the Southeast got its gasoline) back. But it does raise the question: have retailers been keeping up? Is our data safe?

Given the industry’s long history of data breaches, you’d think we were in the forefront of the cybersecurity war. While we should be, I’m not sure we are.

The most famous data breach in retail history was Target’s data breach in 2013. It seems to be the largest data breach in retail history as well. What really made it notable was a) the time of year it occurred, and b) the company’s response. It occurred smack in the middle of the holiday shopping season. Instead of quickly issuing new debit and credit cards, the company arbitrarily (and without telling its customers) put $100 limits on the use of any co-branded Target “red” cards, creating so much ill will among shoppers that it ultimately cost the company CEO his job.

Now, I must confess that I believe there were other reasons Gregg Steinhafel likely deserved to move on. The business has thrived under successor CEO Brian Cornell, even as it languished under Mr. Steinhafel, who really loved the low-margin, traffic-driving grocery business while he ignored the “cheap chic” home goods and clothing that made it famous. Nonetheless, lessons were learned.

Still, stolen credit cards were hot on the dark web, and retailers have had to really shore up their security. Are they good at it? It’s fair to say that high-profile breaches have dropped significantly in the past seven years.

Let’s roll back a bit to the overarching question. Should governments of countries like the U.S. be worried about cybersecurity? You betcha. It wasn’t always so, but it sure is now. Back in the days/years before Y2K (God, can you believe that’s 21 years ago now?), there were various conspiracy theories presented about Y2K destroying the electrical grid. I would laugh and say, don’t be ridiculous. First of all, the electrical grid pre-dated computer systems and was mostly controlled by switches, and second of all, does the electrical system care if it’s 1900 or 2000? Not particularly. There were some concerns about air traffic control systems, and Lufthansa, for its part, opted not to fly during the hours the world was rolling over from 1999 to 2000. I wouldn’t have flown that day either. By the next day, the same question applied: did it matter if it was 1900 or 2000? Not really.

But a lot has happened over the past 20 years. My electric meter is “smart” and so is my gas meter. This saves lots of labor, as no one has to come around and read them, but certainly adds risk to the grid. I’m a late adopter when it comes to in-home smart devices – I use a regular thermostat and only bought a “smart” refrigerator because it was all I could find in the size I wanted. Still, my house is definitely not loaded with digital twins.

Former RSR partner Nikki Baird used to joke that thieves would hack into our smart refrigerators and lock them until we paid them $50 per household. It’s a funny joke, but not funny, as it’s quite feasible. There’s also the urban legend of the estranged husband whose wife had an affair and divorced him. Unfortunately, she forgot to change the password on their smart thermostat, and her ex would have great fun turning the temperature down to 50 on cold nights… visualizing her new lover and her shivering under their blankets. I never did find out if this was true or not.

Okay, so what’s my point here? We have nations at risk from bad actors. Those actors find different ways to break into systems, and then, once they are in, different ways to cause malfeasance… whether it be for money or for the glory of whatever fatherland they might owe allegiance to. Retailers have been working this game longer than just about anyone. We must up our game with a dispersed workforce and ever-more critical information floating around the universe. And, ideally, it’d be nice if our trade associations would join with Federal Governments to support preventing national disasters around the world.

So, if I ruled the world, cybersecurity would remain a critical part of retailers’ agendas. Trade associations would lead the charge, and CISOs from major retailers would join governmental efforts to combat state-sponsored (or ignored) breaches. Are we there yet? Nope. Why not? What good is omnichannel if no one’s computer system works or planes are grounded? It’s got to be there. The time is now.

Newsletter Articles June 8, 2021