Canadian Retailer - Fall 2016 - 39

LOSS PREVENTION

LOSS Prevention has changed a lot over the last two decades.

Just ask Stephen O'Keefe; he's been in the business for more
than 30 years, overseeing security and risk management for
such retailers as Sears, The Bay, and most notably Walmart.
During that time, he's seen the digital revolution transform
the traditional marketplace, providing today's retailers with
more opportunity than ever before. But as the nature of assets,
inventory, and even loss itself have changed, he notes, that
transformation has proved a fertile breeding ground for a new
generation of online criminals.
Today, O'Keefe runs Gristmill Solutions-a retail consulting
firm that specializes in operations and loss. And he says that
with respect to criminal activity, retailers need to recognize
the evolution that's taken place over the past number of years.
"The game has changed," he explains. "It's changed, and
it continues to change. Bad guys are saying: 'Wait a minute.
The greatest asset that's out there outside of
people is information. And I don't have to
physically steal anything. The risk is so much
lower.' There are nefarious people out there.
So you have to do whatever you can to protect
that information."
"Ten years ago, it wasn't happening at all
unless you were a big business like a Walmart," agrees Chester Wisniewski, Principal
Research Scientist with data security company Sophos, and a 30-year veteran in the
business (and also a regular consultant for CNN, NPR, and
The New York Times). "But now we're getting to a point where
even small businesses have to look at this like any other crime
against them. If you have money, or something equally valuable, it's only a matter of time before a thief tries to steal it from
you. And you're probably a lot better at locking your physical
building down than your digital assets."
While hard numbers are scarce, the 2016 Verizon Data Breach
Information Report, which tracks trends in more than 80 countries, estimates that corporate data breach attempts number
well into the hundreds of thousands each year. And although
the victims of those breaches are most often in the entertainment, finance, or public sector, retailers-with their reams of
customer credit and personal information-are a particularly
compelling target. Attacks can take many forms, from stealing
customer payment information, to pilfering trade secrets, to
using email hacks to initiate fraudulent wire transfers. Hackers
will use virtually every tool at their disposal-phony PINpads
with keystroke logging technology, phishing emails (messages
with phony attachments that grant a scammer access to corporate email servers), and even Ransomware attacks (locking companies out of their own files until a ransom is paid) to get what
they want. And, as the 2013 hack of American retailer Target
proved, the costs of such an attack can be disastrous. To date,
that breach-which exposed 40 million credit and debit cards
to fraud-has cost the company upwards of $100 million; $67

million to Visa, $39 million to the banks, and
$10 million to the customers themselves. Other
high-profile hacks have affected Sony, Ubisoft,
TJX, Home Depot, and even EBay. And while
there's little evidence that such breaches have
much impact on long-term share prices, they
do have an effect on one area that's even more
crucial: customer trust.
"First and foremost is the trust of the consumer," O'Keefe notes. "And that goes handin-hand with the reputation of the retailer.
Consumers need to be able to trust those who
are presenting them with a product. And if,
within that transaction, I'm going to be negligent in safeguarding your personal information, that trust is gone."

"The game has changed. It's changed, and
it continues to change. Bad guys are saying:
'Wait a minute. The greatest asset that's out
there outside of people is information. And I
don't have to physically steal anything. The
risk is so much lower.'"

www.retailcouncil.org/cdnretailer

- STEPHEN O'KEEFE, Gristmill Solutions
Weathering the storm

The total cost to a business is virtually impossible to estimate. Unlike a physical theft,
the true cost of a data breach can take weeks-
if not months to fully understand; on top of
the loss of assets or information, there is also
the potential for fines, damage to reputation,
and lawsuits, not to mention the money spent
hiring security experts to repair systems and
find vulnerabilities.
"It's extremely difficult to estimate," explains
Bill Bradley, Director of Product Marketing at
Digital Guardian, a Massachusetts-based Data
Protection company. "At the end of every breach,
I suppose I could come up with a mathematical
calculation, but over time that number's going
to grow. The more you learn about a breach, the
more things come to light, and the greater the
cost. Ultimately, yeah, I can get it down to a costper-record. But does that help me predict anything? Maybe. Maybe not."
Even for experts like O'Keefe and Wisniewski, there is a frustrating lack of information on
corporate data breaches-in terms of both cost
and frequency (even the Verizon DBIR, with
its 100,000 incidents, acknowledges a lack of

FALL 2016 | CANADIAN RETAILER

| 39


http://www.retailcouncil.org/cdnretailer

Table of Contents for the Digital Edition of Canadian Retailer - Fall 2016

Publisher’s Desk
Retail Currents
Retail Research
Independents’ Corner
Retail: At Issue
The Future of Retail
Technology for the Good
E-Commerce Next Practices
The State of Mobile Payments
Aldo Launches ‘Store of the Future’ at Westfield World Trade Center
The Hottest Summer in Half a Century
Once More Unto the Breach
Advertiser’s Index
Canadian Retailer - Fall 2016 - bellyband1
Canadian Retailer - Fall 2016 - bellyband2
Canadian Retailer - Fall 2016 - cover1
Canadian Retailer - Fall 2016 - cover2
Canadian Retailer - Fall 2016 - insert1
Canadian Retailer - Fall 2016 - insert2
Canadian Retailer - Fall 2016 - 3
Canadian Retailer - Fall 2016 - Publisher’s Desk
Canadian Retailer - Fall 2016 - 5
Canadian Retailer - Fall 2016 - Retail Currents
Canadian Retailer - Fall 2016 - 7
Canadian Retailer - Fall 2016 - insert3
Canadian Retailer - Fall 2016 - insert4
Canadian Retailer - Fall 2016 - Retail Research
Canadian Retailer - Fall 2016 - Independents’ Corner
Canadian Retailer - Fall 2016 - Retail: At Issue
Canadian Retailer - Fall 2016 - 11
Canadian Retailer - Fall 2016 - insert5
Canadian Retailer - Fall 2016 - insert6
Canadian Retailer - Fall 2016 - The Future of Retail
Canadian Retailer - Fall 2016 - 13
Canadian Retailer - Fall 2016 - 14
Canadian Retailer - Fall 2016 - 15
Canadian Retailer - Fall 2016 - 16
Canadian Retailer - Fall 2016 - 17
Canadian Retailer - Fall 2016 - 18
Canadian Retailer - Fall 2016 - 19
Canadian Retailer - Fall 2016 - Technology for the Good
Canadian Retailer - Fall 2016 - 21
Canadian Retailer - Fall 2016 - 22
Canadian Retailer - Fall 2016 - 23
Canadian Retailer - Fall 2016 - E-Commerce Next Practices
Canadian Retailer - Fall 2016 - 25
Canadian Retailer - Fall 2016 - 26
Canadian Retailer - Fall 2016 - 27
Canadian Retailer - Fall 2016 - The State of Mobile Payments
Canadian Retailer - Fall 2016 - 29
Canadian Retailer - Fall 2016 - 30
Canadian Retailer - Fall 2016 - 31
Canadian Retailer - Fall 2016 - Aldo Launches ‘Store of the Future’ at Westfield World Trade Center
Canadian Retailer - Fall 2016 - 33
Canadian Retailer - Fall 2016 - The Hottest Summer in Half a Century
Canadian Retailer - Fall 2016 - 35
Canadian Retailer - Fall 2016 - 36
Canadian Retailer - Fall 2016 - 37
Canadian Retailer - Fall 2016 - Once More Unto the Breach
Canadian Retailer - Fall 2016 - 39
Canadian Retailer - Fall 2016 - 40
Canadian Retailer - Fall 2016 - 41
Canadian Retailer - Fall 2016 - Advertiser’s Index
Canadian Retailer - Fall 2016 - cover3
Canadian Retailer - Fall 2016 - cover4
http://www.nxtbook.com/naylor/RETS/RETS0617
http://www.nxtbook.com/naylor/RETS/RETS0517
http://www.nxtbook.com/naylor/RETS/RETS0417
http://www.nxtbook.com/naylor/RETS/RETS0317
http://www.nxtbook.com/naylor/RETS/RETS0217
http://www.nxtbook.com/naylor/RETS/RETS0117
http://www.nxtbook.com/naylor/RETS/RETS0616
http://www.nxtbook.com/naylor/RETS/RETS0516
http://www.nxtbook.com/naylor/RETS/RETS0416
http://www.nxtbook.com/naylor/RETS/RETS0316
http://www.nxtbook.com/naylor/RETS/RETS0216
http://www.nxtbook.com/naylor/RETS/RETS0116
http://www.nxtbook.com/naylor/RETS/RETS0615
http://www.nxtbook.com/naylor/RETS/RETS0515
http://www.nxtbook.com/naylor/RETS/RETS0415
http://www.nxtbook.com/naylor/RETS/RETS0315
http://www.nxtbook.com/naylor/RETS/RETS0215
http://www.nxtbook.com/naylor/RETS/RETS0115
http://www.nxtbook.com/naylor/RETS/RETS0614
http://www.nxtbook.com/naylor/RETS/RETS0514
http://www.nxtbook.com/naylor/RETS/RETS0414
http://www.nxtbook.com/naylor/RETS/RETS0314
http://www.nxtbook.com/naylor/RETS/RETS0214
http://www.nxtbook.com/naylor/RETS/RETS0114
http://www.nxtbook.com/naylor/RETS/RETS0613
http://www.nxtbook.com/naylor/RETS/RETS0513
http://www.nxtbook.com/naylor/RETS/RETS0413
http://www.nxtbook.com/naylor/RETS/RETS0313
http://www.nxtbook.com/naylor/RETS/GrandPrix2012
http://www.nxtbook.com/naylor/RETS/RETS0213
http://www.nxtbook.com/naylor/RETS/RETS0113
http://www.nxtbook.com/nxtbooks/naylor/RETS0612
http://www.nxtbook.com/nxtbooks/naylor/RETS0512
http://www.nxtbook.com/nxtbooks/naylor/RETS0412
http://www.nxtbook.com/nxtbooks/naylor/RETS0312
http://www.nxtbook.com/nxtbooks/naylor/RETS0212
http://www.nxtbook.com/nxtbooks/naylor/RETS0112
http://www.nxtbook.com/nxtbooks/naylor/RETS0611
http://www.nxtbook.com/nxtbooks/naylor/RETS0511
http://www.nxtbook.com/nxtbooks/naylor/RETS0411
http://www.nxtbook.com/nxtbooks/naylor/RETS0311
http://www.nxtbook.com/nxtbooks/naylor/RETS0211
http://www.nxtbook.com/nxtbooks/naylor/RETS0111
http://www.nxtbook.com/nxtbooks/naylor/RETS0610
http://www.nxtbook.com/nxtbooks/naylor/RETS0510
http://www.nxtbook.com/nxtbooks/naylor/RETS0410
http://www.nxtbook.com/nxtbooks/naylor/RETS0310
http://www.nxtbook.com/nxtbooks/naylor/RETS0210
http://www.nxtbook.com/nxtbooks/naylor/RETS0110
http://www.nxtbook.com/nxtbooks/naylor/RETS0309
http://www.nxtbook.com/nxtbooks/naylor/RETS0209
http://www.nxtbookMEDIA.com