In view of the latest cyber attacks on the British department store Harrods, the retail group Marks & Spencer and others, the audit, tax and management consultancy RSM UK advises retail companies to check their controls against cyber attacks regularly to ensure that “they are as robust as possible”. This does not only apply in Great Britain; the risk and online fraud are growing worldwide.

“Retailers are already in a difficult trading environment that is shaped by fragile consumer confidence, rising personnel costs and changing consumption habits. The recent wave of cyber attacks adds another critical level of risk that can significantly harm consumers, disrupt operations and damage the brand's reputation overnight. In an industry in which competition is fierce, guaranteeing data security and business continuity is of the utmost importance,” warns Jacqui Baker, partner and head of retail at RSM UK.

She also points to the speed and sophistication with which cyber risks are evolving, especially due to technological progress. “Often it is a question of ‘when’, not ‘whether’, an attack takes place, so this topic must be at the top of retailers' risk list,” advises Baker.

Agility is another key to retailers' response, because what solves a problem today may no longer work tomorrow. “Retailers must now regard cyber resilience not only as a technical requirement, but also as a core component of customer experience and brand protection,” she explains.

Priority and agility are crucial in combating cybercrime

“These recent attacks on retail companies serve as a warning to all companies to continuously evaluate and tighten their cyber security measures. Companies are responsible for effective governance, cyber security controls, resilience and, above all, robust plans to react effectively to cyber incidents,” adds Sheila Pancholi, technology risk partner at RSM UK.

“The first line of defense against cyber attacks is often the employees. It is therefore important to ensure that they are regularly trained and educated about cyber risks and how to recognize attempts to access systems via ever more sophisticated phishing emails (e.g. ClickFix phish) or links to fake websites,” adds Pancholi.

According to the British National Cyber Security Centre (NCSC), half (50 percent) of companies and two thirds (66 percent) of high-income charities have experienced some form of cyber security breach or attack over the past twelve months. The frequency of attacks is even higher in medium and large companies (70 and 74 percent).

Therefore, the British government organization released its “Cyber Governance Code of Practice” at the beginning of this month. It offers companies clear guidelines and best practices for the management of cyber risks.

“We welcome the government's recent code of practice, which supports companies in managing their cyber risks to improve operational resilience,” says Pancholi.

The expert points out that the threat landscape will only grow in the face of increasing geopolitical tensions and highly sophisticated cybercriminals who act on an industrial scale and with broader targets across various industries. “This raises the question of whether the current voluntary code is sufficient?” asks Pancholi.
