For many years now, devastating incidents involving data breaches have dotted the technology landscape, having both direct and indirect outcomes for retailers and the retail customer. The most recent mega-breach involves customers of Snowflake, a cloud-based data warehousing platform intended to facilitate secure data sharing and collaboration between organizations. This incident involves one of the most damaging data breaches in recent history, impacting companies such as AT&T, Advance Auto Parts, Neiman Marcus Group, and Ticketmaster among others. AT&T alone has claimed that a cache of data that was stolen during the breach contained phone numbers and call records of “nearly all” of its customers—around 110 million people.
Retailers are very familiar with the risks and consequences of data breaches, with former attacks occurring as far back as a decade ago and more severely impacting companies such as Target, TJX, and The Home Depot. These data insults continue to devastate retailers to this day, with breaches not only affecting the companies and individuals whose data was exposed, but also emboldening the cyber thieves who profit from their malicious cyberattacks.
Interestingly, many attacks originate from third-party sources. The devastating Target data breach of 2013 took place when cyber attackers accessed Target’s gateway server through credentials stolen from a third-party HVAC vendor. Similarly, Snowflake maintains that its systems were not directly penetrated by the cyber criminals. That position appears to have been substantiated by reports from those claiming responsibility for the hack, who say they gained access to Snowflake systems by first compromising third-party partners with which Snowflake does business.
This stark reminder underscores the importance of protecting our systems at every level, establishing robust policies as part of our protection strategies, and updating our data security plans on a regular and consistent basis to keep pace with the latest cyber threats.
Data Dilemmas
With cyber-criminals coercing their way into data vaults across the globe, data breaches and similar insults have reshaped our data protection strategies and the boundaries of data security. Banks, credit card companies, and retailers alike are all searching for more effective ways to protect critical information and the lifeblood of retail commerce. There have already been more than 1 billion data breach victims in the first half of 2024 alone, according to the Identity Theft Resource Center; 1,571 data breaches have been reported thus far this year, a 14 percent increase compared to the same period last year.
To further complicate the threat, those attempting to compromise our information resources may have incentives beyond financial gain. While the protection of financial and payment data is absolutely critical, we cannot afford to lose sight of the value—and potential liability—that can be tied to all of our sensitive information. For example, it’s certainly not out of the realm of possibility that a disgruntled customer or employee might attempt to hack into our systems to release sensitive information that could cause significant damage and embarrassment to the organization.
This points to the ongoing need to remain diligent with the policies and practices designed to protect us from such insults and to maintain a critical security perspective in every area of the business. Customers are continuously looking at retail operations through a critical eye, which threatens to change spending habits and personal choices based on factors beyond the quality of our products. As a result, we must always keep in mind that many of the challenges are much more far-reaching when it comes to the protection of our resources and the security of our data. Brand protection has added a new dimension in the face of company response. Customer service takes on a different perspective as well in light of threats that can jeopardize personal bank accounts as well as consumer preferences.
Moving Forward
These constant attacks on our data systems will continue to lead to significant changes in business ideologies, performance models, and company planning and structure as businesses respond.
“There has to be a plan, a defense-in-depth strategy that proactively addresses data security,” says James Foster, founder and executive chairman of ZeroFOX. “In the information world, it’s about firewalls, intrusion detection systems, two-factor authentication, and encryption. These defenses are layered to make them more resilient. But there has to be more. Our defenses must include a plan and a partnership that effectively creates a unified team to combat these threats.
“As retailers expand their offerings and push online services, internal and external policies, roles and synergies must be re-evaluated, and a collaborative security strategy that includes loss prevention absolutely must be part of the conversation,” Foster continued. “The success of the organization simply depends on it.”
Looking at how this will potentially impact the evolution of the loss prevention profession, we must be active participants in the solutions process. Rather than simply reacting to decisions, we should seek out ways to proactively contribute to the process as such decisions are being developed. Whether this involves reaching out and cultivating partnerships, improving our base of knowledge, learning new skills, taking on new responsibilities, or simply sharing our thoughts and ideas, we will be expected to step up to the plate. It’s always better to prepare and lead the way rather than to wait and hope for the best.
To learn more about current methods for controlling data breaches, read “How to Prevent Data Breaches with Proven Techniques in 2024” from LP Magazine.