Both Tech and Human Defenses Are Needed
The risk of a cyberattack – nearly anywhere – grows with every passing day. We’ve heard it from the highest levels of government, and we’ve seen an inkling of what a far-reaching breach can do through viruses such as Petya and Wanna Cry. It’s likely that your most critical or sensitive assets and data systems are vulnerable to some degree. So, really, how prepared is your business for the eventuality of a cyber breach or malicious hacking?
Shopping networks QVC and HSN have teamed up. Amazon wants to provide your bread and butter. Walmart rewards you for shopping online. The pieces on the e-commerce chess board are shifting as the nation’s biggest corporations follow the migration of American consumers to the internet.
Meanwhile, cyberthreats, both foreign and domestic, lurk in the shadows. With increasing frequency and severity, cyber-aggression, ransomware, digital disruption and fraud (or worse) are causing concern for U.S. companies and institutions.
There is a connection to be made, and a price to be paid for inaction.
QVC’s $2.1 billion absorption of Home Shopping Network (HSN) is the latest indicator that the migration to online shopping and competition from internet giants like Amazon continue to define the retail landscape. Meanwhile, Amazon is standing in the check-out aisle with its bid to buy Whole Foods Market and its plans to revolutionize the grocery shopping experience.
Walmart, the country’s largest retailer, with more than $340 billion in annual revenues – more than three times that of Amazon – is also feeling the pressure of shifting consumer behavior. The “Amazon effect” and the migration to e-commerce has Walmart moving aggressively into the internet marketplace. In May, the company reported that its online sales in the U.S. had jumped 63 percent in the first quarter of 2017. Not surprising, considering Walmart offered deep discounts in April exclusively to online shoppers.
Cord-cutters now prefer tablets, computers and smartphones to cable TV. Millennials are gravitating toward online purchasing with increased frequency, foreshadowing the inevitability that older, more affluent consumers will follow. However, as retail moves online, merchants and marketers are faced with a new set of challenges and vulnerabilities as they navigate the e-commerce ecosystem.
Foreign hackers recently penetrated the computer networks of U.S. nuclear power stations. As well-protected as these systems certainly are, hackers are successfully breaching their defenses. It’s a sobering thought that other networks we rely upon for critical, everyday services – fuel, electricity, medical services, communication – are equally or even more vulnerable.
The recent Petya ransomware attack, which spread across Europe, disrupting the operations of energy companies, banks and other global businesses, including some in the U.S., is indicative of a new type of cyber-aggression. Last fall, President Obama even expressed concern over the possibility of weaponized artificial intelligence stealing U.S. nuclear weapons codes. How prepared are you for cyber-intrusion?
One of the biggest risks any business faces when it comes to data and systems security is not taking the threat seriously enough. Months prior to the Petya attack, Microsoft issued a patch that protected computers from the malware. The computers whose hard drives were shut down had not been updated. Whether it’s a catastrophic data breach, consumer fraud, hacking or disruption in the form of malware and ransomware, online crime is growing around the world, and there is a disturbing lack of urgency to address the threat.
Accounting departments are often targeted, since they can be portals for accessing financial information. I’ve seen phishing attempts where hackers posed as company executives requesting a wire transfer. They just need to convince one person to respond to an inquiry such as asking for a password. In large operations, not everyone is aware of who is working on what, so the risk is greater.
Industry compliance doesn’t equal security. It’s often just a base minimum. Patches should always be utilized when they are issued, but you should be constantly vigilant by updating your technology as often as possible and backing up data daily. Procedures and proactive human oversight are critically important to containing and preventing threats posed by ransomware and phishing schemes.
Data is king. Don’t undervalue the importance and the value of your customer intelligence. Every company needs a data recovery plan so as not to get caught in a vulnerable situation caused by digital disruption. Guard your bottom line by guarding your data, and only do business with operators you can trust. If you back up your data, online attacks are a nuisance and might cost money and time, but you can quickly bounce back.
As e-commerce explodes, businesses in the U.S. and around the world are facing the reality that the protections they have in place — if any — to safeguard their online transactions, assets and data systems are increasingly vulnerable to hackers and fraudsters who are relentlessly developing new ways to exploit those defenses. While most CIOs may think their systems secure, unless their tools, technology and human processes are up-to-date, the odds are not in their favor.
Monica Eaton-Cardone is a global leader in the field of online retail cybersecurity. She is founder and CIO of Global Risk Technologies and the founder and COO of 
