industry unlocked
Shailendra Singh, Chief Information
Security Officer – Capillary Technologies
Organisations operating in the retail sector are
responsible for safeguarding huge amounts of
customer data and ensuring a secure, smooth
shopping experience for those who choose to use
online services. The cost of a breach is huge, both
financially and reputationally. Shailendra Singh,
Chief Information Security Officer – Capillary
Technologies, talks us through some of the main
cyber-risks and how CISOs can address these.
The retail sector is a prime target for hackers
and cybercriminals, and why not? Look at the
sheer volume of data generated on a daily basis.
Customers’ personal details along with their
credit card numbers make a lucrative target.
However, the retail sector by design is not
strongly focused on information and data security
because the connection to ‘valuable data’ is not
evident. Information is usually and rightly viewed
to be a domain involving software and digital
interactions while retail has to do with physical
products and offline stores.
This is changing rapidly with the advent of online
retailing and digitisation of CRM, loyalty and
business analytics solutions.
Retail giants started using software solutions
a long time ago to improve their customer
engagement efforts and to improve their sales
and margins through advanced data analytics.
With the advent of cloud-based solutions for
analytics, CRM, loyalty and e-commerce, the
high volume of data and information which
resided earlier in discrete form in individual
stores started being collected and collated in
centralised data repositories.
This permitted a greater degree of digital
processing. Unfortunately, it was not always
the case that the data was handled in a
secure manner, mostly due to a general lack
of understanding of how security should be
implemented. This problem of lax security
has been resolved to a great extent when the
software solution is provided by a
software product company.
Security is of prime importance for
such organisations. In cases where the
software is built in-house or outsourced
to a vendor which is not specialised in
providing software solutions specifically
meant for large enterprise clients, the
problem of security usually continues
to persist.
Retail companies are becoming aware
of the dangers involved in ignoring
security as the impact of breaches
has become more costly in the current
market landscape where retail is driven
by social media.
Protecting information and data is
not only about protecting competitive
information, but also about protecting
brand image in the market. This has
caused a significant shift in the security
focus and expectations of retail
organisations, whether it is towards
in-house solutions or outsourced ones.
The retail industry has now become
well aware of information security
certifications such as ISO 27001:2013
& PCI DSS, including the role that
these certifications play in increasing
assurance against security breaches.
Creating and promoting a security
department within their organisations
Issue 16 | www.intelligentciso.com