11:00 AM
Dan Ross

How Retail Can Win Back Consumer Trust

Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.

As more retail chains become easy pickings for cybercriminals, brand managers are finally becoming appropriately concerned about endpoint security. It’s taken these highly visible and widespread attacks by malicious actors to serve as the wake-up call to executives who have been slow to see cybersecurity as a core responsibility.

I’m sure you are familiar with the headlines:

  • After Target’s infamous security breach in 2013, CEO Gregg Steinhafel resigned in the aftermath, underscoring the new reality that data breaches have far-reaching consequences for companies and their brands.
  • The supermarket chain SuperValu (at least 180 stores affected) and UPS (51 stores) recently disclosed information about a related data breach after Homeland Security and the Secret Service issued a warning that more than 1,000 American businesses have likely been affected by “Backoff.”
  • In a potentially related case, Home Depot recently acknowledged that a major breach of its POS systems dating as far back as April has allowed an estimated 56 million credit card numbers to be compromised. The full extent and origins of the damage remain to be seen, but it is likely the largest breach to date.
  • In the most recent news, the JP Morgan Chase breach compromised the accounts of 76 million households as well as those of seven million small businesses, making it one of the biggest security breaches to date.

These breaches are rising rapidly. Ponemon Institute’s 2014 Cost of Data Breach report, for example, found that the average abnormal customer churn rate after a breach rose 15% over last year. This highlights the public’s growing concern over the security and privacy of information, and underscores a need for companies to secure their infrastructure in order to protect their reputation over the long term.

Even for beloved brands like Target, the impact is significant. Target reported in February that its fourth-quarter profit had fallen 46 percent, after the holiday season breach scared off customers. The retail giant’s total breach-related expenses have reached $235 million so far; some analysts initially feared the fallout could reach $1 billion. Other factors influence stock price, but I’m certain we will see more instances of breaches being a tipping point or last straw for companies that were already vulnerable. 

Security + Privacy = Trust
Consumer loyalty to brands is all about trust, which today has everything to do with security and privacy. When consumers feel that this trust has been broken, brands will suffer long-term consequences.

I can’t say it enough: prevention and detection are both critical to security. Let’s face it, the bad guys are already inside. Taking preventative measures keeps networks under better control and eases recovery and remediation efforts. Security leaders should never assume that intruders are not able to get in. Brands need to invest in better security detection and prevention solutions that will help avoid a similar breach in the future. They should also let the consumers know that they are investing and taking these measures.

Shortening the time from attack to detection is the absolute number one key to mitigating damage to a brand’s reputation, bottom line, and customers. As consumers become more disgruntled and more educated about these breaches, expectations will shift. Discovering malware months after initial intrusion will be seen as negligence and/or incompetence in the court of public opinion. Until recently, the average consumer may have regarded such breaches as inevitable and experienced only minor inconvenience. As breach notifications increase, concerns about identity theft mount and consumer patience erodes. Likewise, government leaders, legal advocates, and credit card companies have begun to push back on retailers.

A unified, system-wide view of security enhances information sharing between IT and the executive suite. Cross-functional teams must be allowed to communicate risks effectively with the help of real-time factual reports, and awareness of these risks must spread beyond the walls of the IT and security departments. Open and trusted lines of communication may be one of the most effective ways to close the intrusion-to-detection dwell time, as Target learned the hard way when an employee complaint on Gawker.com triggered a very public discussion about corporate culture and the company’s failure to heed internal warnings leading to the breach.

Ultimately brand and reputation become synonymous in the eyes of customers and the market as a whole. In order for organizations to rebuild or even maintain trust, they need to recognize that a breach in this day and age is inevitable and therefore your brand’s reputation will depend on how you deal with it.

With more than 30 years of successful entrepreneurial leadership and management experience, Dan Ross is responsible for strategic direction and day-to-day global management at Promisec. Promisec is a pioneer in endpoint visibility and remediation, empowering ...

Marilyn Cohodas,
User Rank: Strategist
10/10/2014 | 10:17:31 AM
Begin with the end in mind
With the velocity of data breaches in the headlines these days, it's easy to get caught up in the whats, whys, wherefores and finger-pointing. But the bottom line is that when a company's data is breached, their reputation is on the line and it's in their best interest to be as transparent as possible with customers and the general public. Thanks for reminding us of that Dan, and for threading trust and reputation through the security needle. 