How Retail CIOs Can Balance Innovation and Security
By: Bill Tarbell
It probably won’t come as much consolation to the retailers who are gathering at BoxWorks 2015 in San Francisco this week, but there are industry sectors with far bigger cybersecurity woes than theirs.
Last week, BitSight, a company that offers a variety of risk assessment services, published its annual benchmark report, which rates how well prepared companies are from a security standpoint. Despite all the headlines over the past year detailing data breaches and hacker attacks at high-profile merchants, retail security was rated far better than sectors like energy, utilities and even health care.
Of course, this doesn’t mean that retailers can put their cybersecurity fears behind them. In fact, a study of the sector’s purchasing priorities by Boston Retail Partners showed a projected 151% increase in the use of end-to-end encryption by the end of 2016, and a 145% increase in the use of tokenization (a way of making data unintelligible to third parties, even if it’s lost or stolen). Security is still top of mind, which is probably why it is a featured topic in so many of the BoxWorks 2015 sessions this year.
Fortunately, the industry is already working more collaboratively to make sure customer and company data stays as safe as possible. Just this summer, for example, a number of trade organizations came together to form the Retail Cyber-Intelligence Sharing Center (R-CISC), a place where best practices could be collected and distributed. In the site’s inaugural blog post, R-CISC pointed out that even if other sectors become a major target for security breaches, retailers face data protection considerations all their own.
The geographically dispersed, light-footprint nature of retail environments makes them a unique challenge to protect. This is different from, say, an airplane manufacturer protecting the IP of its next airplane design on a hardened server in a datacenter somewhere. There’s also a multiplier effect of retail sites on the cost of securing the enterprise — that is, the number of retail sites, times the number of end points, times the cost of licenses / hardware to secure.
Experienced CIOs know that human factors can also play a big role in making information secure (or not). This includes errors that lead to a breach or rogue employees who fail to follow proper procedures and policies. Marketing expert Seth Godin recently suggested that part of the issue may be that organizations don’t work hard enough to hire and develop staff with the right attitude.
“We run classified ads to find the cheapest common denominator employee and spend all our time building systems to protect our customers from people who don’t care,” he said.
That may sound a bit negative, but you could flip it around and suggest that the right approach to people and technology can not only protect customers but serve them better. Think of it this way: Even the best customer experience is meaningless if customers don’t feel safe doing business. CIOs, meanwhile, are increasingly realizing their future lies in getting closer to the people tasked with improving the customer experience. And those who oversee front-line customer experiences are realizing that technology can be a powerful tool for the work they do.
Along with helping retail associates become more knowledgeable, helpful and responsive, retail CIOs will need to develop strategies that empower in-store staff to keep information secure. It may turn out to be one of the most innovative things they can do.