i3 - January/February 2021 - 21

years ago, according to NRF. Retailers have
t starts like a traditional cops-and-robbers story, but with digialso bumped up the importance of longtal lingo:
standing problems, such as internal theft
" Cybercriminal groups began to cooperate with one another,
( " pilferage " ) and return fraud - both of
chaining crimeware and ransomware infections as part of 'big
which have become significant problems in
game hunting.' "
the cyberworld as well. In the evaluation
Next comes a description of " a small subset of new threat
process, NRF has developed a roster of
groups and malwares " and " the professionalism of the cybercriminal value
defense tactics.
chain. " The tale includes gangs of " the usual suspects " and a " broader cyberThe NRF study found that retailers are
criminal ecosystem, " plus " malicious insiders. "
" devoting more resources to fight " cyberBut this is no crime novel thriller. Nor is there any neat resolution, since the
crime, including top priorities for remote
final pages are still being written. This is the pedantic - and terrifying - retail
monitoring technology, upgraded point of
2020 Threat Trend Report from Accenture Security and the Retail & Hospitality
sale (POS) systems and refund history
Information Sharing and Analysis Center. In one of the most dramatic real-life
tracking programs. Stores are also revising
scenes in the report, the Accenture Cyber Defense team discovers a " malicious
and updating risk management planning,
mailbox " invasion in which the crooks tapped into the email box of an executive
risk/vulnerability assessments and other
of a large retail chain. The villains focused on emails dealing with the compasecurity improvements.
ny's financial transactions, with the goal of payment diversion,
Business analysts contend
executive impersonation or insider trading. Accenture, citing
that COVID-19 has further
the threat to a " robust supplier network with high-dollar payencouraged retailers to reexments, " noted that such attacks " have been successful in stealing
amine their supply chain
funds from every industry " with losses growing every year.
processes by, for example,
By the time the stories end, there are recommendations
evaluating their sourcing
for protective procedures to stave off the growing array of
procedures, to make sure
cyberattacks, but no happy denouement. Accenture - like
they are not solely reliant on
other analysts - expects that the bad guys will continue to
single-source factories in
find inventive ways to attack the retail industry's activities in
Asia. CTA's recent report on
ecommerce, traditional retail store operations and the supply
supply chain, The Balancing
chain process from manufacturers and their vendors.
Act: How SMEs Are
Other reports examine the growing cybersecurity threats
Adjusting Their Supply
during the COVID-19 era, which has seen the simultaneous
Chains To A New Normal,
expansion of remote working and of ecommerce. Evolving
advises SMEs develop a sinbusiness practices during the pandemic have required new
- OLIVER WYMAN
gle source of truth by colways to deal with supply chains, adding international intrigue
laborating more with
plus potential cyberattack vulnerabilities.
suppliers, manufacturers, and employees,
" Given the interconnected nature of supply chains and increasingly seamless
tweaking ERP systems, and increasing datadigital commercial ecosystems, one or more types of business, even the very
sharing. Such decisions may require new
small, could be the weakest links in the chain, " explained Oliver Wyman, a
thinking about data transparency. Experts
global management consulting subsidiary of Marsh & McLennan Companies.
suggest that access to data will encourage
" Smaller and medium-sized enterprises, [which] often lack sophisticated capamore resiliency in supply chains and that
bilities, are particularly vulnerable as they pause business-as-usual activities. "
technology is the only way to assure such vis " Retail is more vulnerable to cyberattacks due to the nature of its online
ibility. But others fret that more open shartraffic and the design of its ecommerce websites, " Oliver Wyman concluded.
ing of data threatens security lapses.
It cited the contradictory challenge of making online shopping a " pleasurable
Studies at BlueVoyant, another security
experience " while maintaining robust security. " This reticence increases the
management firm, examined the dangers of
likelihood that a retailer will be a prime target increasing the need to act now
third-party relationships. BlueVoyant's
to implement cybersecurity best practices. "
report, Supply Chain Cyber Risk, quotes
Goldman Sachs Board Director Phil
RECOGNITION AND RESPONSE
Venables, who says, " It is very important to
The National Retail Federation's 2020 Retail Security Survey came to simireview the security of your vendors before you
lar conclusions offering defensive ideas for protection. Stores and chains
engage them, to make sure they are capable
have revved up their focus on ecommerce crime and cyber-related incidents,
of meeting your needs or otherwise enhancsuch as data breaches, to considerably higher priorities than they were five

Tang Yau Hoong/Ikon Images

" Retail is more
vulnerable to
cyberattacks
due to the
nature of its
online
traffic and the
design of its
ecommerce
websites. "

C TA . t e c h / i 3

i3_0121_20-23_Feature_CyberSecurity.indd 21

JANUARY/FEBRUARY 2021

12/9/20 3:19 PM

https://accntu.re/3oVniHa https://bit.ly/3ajFWVg https://bit.ly/3ajFWVg https://bit.ly/3ajFWVg https://bit.ly/3ajFWVg https://bit.ly/2Wz0cdv https://bit.ly/2Wz0cdv https://nrf.com/research/national-retail-security-survey-2020 https://cta.tech/Resources/i3

i3 - January/February 2021

Table of Contents for the Digital Edition of i3 - January/February 2021