Intelligent CISO Issue 16 - Page 44

industry unlocked Shailendra Singh, Chief Information Security Officer – Capillary Technologies Organisations operating in the retail sector are responsible for safeguarding huge amounts of customer data and ensuring a secure, smooth shopping experience for those who choose to use online services. The cost of a breach is huge, both financially and reputationally. Shailendra Singh, Chief Information Security Officer – Capillary Technologies, talks us through some of the main cyber-risks and how CISOs can address these. T 44 The retail sector is a prime target for hackers and cybercriminals, and why not? Look at the sheer volume of data generated on a daily basis. Customers’ personal details along with their credit card numbers make a lucrative target. However, the retail sector by design is not strongly focused on information and data security because the connection to ‘valuable data’ is not evident. Information is usually and rightly viewed to be a domain involving software and digital interactions while retail has to do with physical products and offline stores. This is changing rapidly with the advent of online retailing and digitsation of CRM, loyalty and business analytics solutions. Retail giants started using software solutions a long time ago to improve their customer engagement efforts and to improve their sales and margins through advanced data analytics. With the advent of cloud-based solutions for analytics, CRM, loyalty and e-commerce, the high volume of data and information which resided earlier in discrete form in individual stores started being collected and collated in centralised data repositories. This permitted a greater degree of digital processing. Unfortunately, it was not always the case that the data was handled in a secure manner, mostly due to a general lack of understanding on how security should be implemented. This problem of lax security has been resolved to a great extent when the software solution is provided by a software product company. Security is of prime importance for such organisations. In cases where the software is built in-house or outsourced to a vendor which is not specialised in providing software solutions specifically meant for large enterprise clients, the problem of security usually continues to persist. Retail companies are becoming aware of the dangers involved in ignoring security as the impact of breaches have become more costly in the current market landscape where retail is driven by social media. Protecting information and data is not only about protecting competitive information, but also about protecting brand image in the market. This has caused a significant shift in the security focus and expectations of retail organisations, whether it is towards in- house solutions or outsourced ones. The retail industry has now become well-aware of information security certifications such as ISO 27001:2013 & PCI DSS, including the role that these certifications play in increasing assurance against security breaches. Creating and promoting a security department within their organisations Issue 16 | www.intelligentciso.com