
Security vs Compliance for Retailers

Building a secure and safe business is perhaps the most important need of modern businesspeople, especially those whose businesses interface directly with the public, like retailers and other service providers.

We live in a data-driven society, and the security of that data is the key to the confidence that clients will place in a business.

According to recent statistics, one in three retailers today loses revenue to cyber-attacks, with 16 percent of companies tallying more than $1 million in losses.

That retailers are a clear and easy target for cyber-attack has become evident, and only about 52 percent of retailers feel that their security infrastructure is up to date with the latest threats.

Compliance is Not Security

Most retailers (about 61%) have invested heavily in making sure that their business is fully compliant with retail security standards. These standards include:

  • The PCI-DSS (Payment Card Industry Data Security Standard), which is required of all businesses that accept, process, store or transmit credit card data
  • The SOX standard (Sarbanes-Oxley Act), which is required of publicly traded retail companies to ensure transparent financial reporting and a system of checks and balances
  • The HIPAA (Health Insurance Portability and Accountability Act), which is required of retail pharmacies as a means of protecting patients’ information

With 61% of retailers fully compliant, why are retailers still so prone to these cyber-attacks?

The answer lies in the fact that compliance, strictly speaking, is not security.

While compliance is a step in the right direction towards security, a fully compliant business may appear more secure to the customer but is not, in fact, completely secure. Retailers must, therefore, take a different and holistic approach to the issue of security.

Security as opposed to Compliance

Compliance standards are meant to secure a business, but the cyber risks that retailers face are constantly changing, and compliance standards usually lag far behind the threat. In practice, compliance standards are developed in hindsight, and by the time they are widely implemented, the threat may have shifted elsewhere.

Retailers are constantly under threat of Point-of-Sale (POS) breaches, one of the top threats to retail cybersecurity, which often occur among retailers that lack point-to-point encryption (P2PE) or that run outdated operating systems.

Distributed denial-of-service (DDoS) attacks are also fairly common where businesses do not regularly assess the security of their cloud.

Ransomware attacks have also resurged recently; last year alone, the number of attacks jumped from 3.8 million to 638 million.

When you consider the lethality of the present threats and their rapid evolution, it becomes clear that not only do compliance standards fall short of security, but even conventional security measures such as anti-virus, firewalls, and intrusion detection systems do not suffice where experienced attackers are concerned.

To build a security approach for your retail business, in addition to adhering to compliance standards, you will need to consider the following.

  • Train your staff or employ fully specialized IT staff who can work not just on prevention, but on the detection and handling of threats.
  • Investing in a remote support company for your off-site data storage, retail control solutions, and remote monitoring may be a good approach for retail companies, because it frees up their time to focus on actually growing the business and leaves the worry over cybersecurity in the competent hands of a remote support company, at a fraction of the cost of employing in-house IT staff.

In this day and age, it pays to have a robust approach towards security and a firm resolve towards compliance. Only then can you truly stay on the right side of the law and safe from cyberthreats.