Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10/9/2014
11:00 AM
Dan Ross
Dan Ross
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

How Retail Can Win Back Consumer Trust

Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.

As more retail chains become easy pickings for cybercriminals, brand managers are finally becoming appropriately concerned about endpoint security. It’s taken these highly visible and widespread attacks by malicious actors to serve as the wake-up call to executives who have been slow to see cybersecurity as a core responsibility.

I’m sure you are familiar with the headlines:

  • After Target’s infamous security breach in 2013, CEO Gregg Steinhafel resigned in the aftermath, underscoring the new reality that data breaches have far-reaching consequences for companies and their brands.
  • The supermarket chain SuperValu (at least 180 stores affected) and UPS (51 stores) recently disclosed information about a related data breach after Homeland Security and the Secret Service issued a warning that more than 1,000 American businesses have likely been affected by “Backoff."
  • In a potentially related case, Home Depot recently acknowledged that a major breach of its POS systems dating as far back April has allowed an estimated 56 million credit card numbers to be compromised. The full extent and origins of the damage remain to be seen, but it is likely the largest breach to date.
  • In the most recent news, the JP Morgan Chase breach compromised the accounts of 76 million households as well as those of seven million small businesses, making it one of the biggest security breaches to date.

These breaches are rising rapidly. Ponemon Institute’s 2014 Cost of Data Breach report, for example, found that the average abnormal customer churn rate after a breach rose 15% over last year. This highlights the public’s growing concern over the security and privacy of information, and underscores a need for companies to secure their infrastructure in order to protect their reputation over the long term.

Even for beloved brands like Target, the impact is significant. Target reported in February that its fourth-quarter profit had fallen 46 percent, after the holiday season breach scared off customers. The retail giant’s total breach-related expenses have reached $235 million so far; some analysts initially feared the fallout could reach $1 billion. Other factors influence stock price, but I’m certain we will see more instances of breaches being a tipping point or last straw for companies that were already vulnerable. 

Security + Privacy = Trust
Consumer loyalty to brands is all about trust, which today has everything to do with security and privacy. When consumers feel that this trust has been broken, brands will suffer long-term consequences.

I can’t say it enough: prevention and detection are both critical to security. Let’s face it, the bad guys are already inside. Taking preventative measures keeps networks under better control and eases recovery and remediation efforts. Security leaders should never assume that intruders are not able to get in. Brands need to invest in better security detection and prevention solutions that will help avoid a similar breach in the future. They should also let the consumers know that they are investing and taking these measures.

Shortening the time from attack to detection is the absolute number one key to mitigating damage to a brand’s reputation, bottom line, and customers. As consumers become more disgruntled and more educated about these breaches, expectations will shift. Discovering malware months after initial intrusion will be seen as negligence and/or incompetence in the court of public opinion. Until recently, the average consumer may have regarded such breaches as inevitable and experienced only minor inconvenience. As breach notifications increase, concerns about identity theft mount and consumer patience erodes. Likewise, government leaders, legal advocates, and credit card companies have begun to push back on retailers.

A unified, system-wide view of security enhances information sharing between IT and the executive suite. Cross-functional teams must be allowed to communicate risks effectively with the help of real-time factual reports, and awareness of these risks must spread beyond the walls of the IT and security departments. Open and trusted lines of communication may be one of the most effective ways to close the intrusion-to-detection dwell time, as Target learned the hard way when an employee complaint on Gawker.com triggered a very public discussion about corporate culture and the company’s failure to heed internal warnings leading to the breach.

Ultimately brand and reputation become synonymous in the eyes of customers and the market as a whole. In order for organizations to rebuild or even maintain trust, they need to recognize that a breach in this day and age is inevitable and therefore your brand’s reputation will depend on how you deal with it.

With more than 30 years of successful entrepreneurial leadership and management experience, Dan Ross is responsible for strategic direction and day-to-day global management at Promisec. Promisec is a pioneer in endpoint visibility and remediation, empowering ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/10/2014 | 10:17:31 AM
Begin with the end in mind
With the velocity of data breaches in the headlines these days, it's easy to get caught up in the whats, whys, wherefores and finger-pointing. But the bottom line is that when a company's data is breached, their reputation is on the line and it's in their best interest to be as transparent as possible with customers and the general public. Thanks for reminding us of that Dan, and for threading trust and reputation through the security needle. 
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.