On the floor of the NRF Protect show
As of Thursday, June 20, 2019
Robberies, employee theft and organized retail crime create billions of dollars in losses for stores every year, so companies are increasingly concerned about cybercrime.
Anxiety about cybercrime was one of the chief findings of a recently released survey from the National Retail Federation and the University of Florida, said Bob Moraca, the NRF’s vice president for loss prevention.
Cybercrime also was a hot topic at NRF Protect, a convention devoted to loss prevention and cyber risk, held June 11–13 at the Anaheim Convention Center in Anaheim, Calif.
“As criminals find new ways to steal, loss-prevention teams are finding new ways to stop them,” Moraca said. “Increasingly, this is a battle focused on technology.”
An increasing awareness of cybercrime and fraud comes with the rise of omni-channel retail, which focuses on digital sales. The NRF/University of Florida survey asked loss-prevention executives the source of the largest increase in fraud against retailers.
While 43 percent of those surveyed said the largest increase in fraud against retailers is taking place in bricks-and-mortar stores, 52 percent said it is happening in various channels using digital commerce, such as e-commerce and omni-channel retail.
Data breaches are also considered a typical cybercrime. Cyber criminals hack into retailers’ computer systems and steal consumers’ credit-card numbers. Criminals then sell the stolen data to other criminals, or they use the credit-card numbers to establish fraudulent credit-card accounts.
They also use the stolen information to purchase gift cards, which can be hard for law enforcement to trace, said John Pescatore, director of emerging security trends at the SANS Institute, a research and education organization in the Washington, D.C., area that provides training to cyber-security workers.
Cybercrime can take on enormous proportions. A cybercrime caper made global headlines at the end of 2013 when Target Corp. announced that the credit- and debit-card information of about 40 million customers had been stolen.
The breach was traumatic for the mass retailer. It resulted in the resignation several months later of Gregg Steinhafel, Target’s chief executive officer. In 2017, Target had to pay an $18.5 million settlement after a lawsuit was filed by 47 states and the District of Columbia.
Hitting easier prey
Since then, major retailers have gotten wise to cybercrime and are much more vigilant in protecting their data, so information breeches at big retailers have declined, Pescatore said.
“Attackers go for the easiest targets,” he noted. “They’re going after the smaller retailers.” Smaller retailers often do not have the deep pockets to spend on cyber-security teams.
But Pescatore said that smaller retailers can fend off a lot of attacks by taking basic steps to protect their digital presences from being hacked. “It’s basic security hygiene. It’s just a part of doing business,” he said.
A lot of basic measures are described on a website run by the nonprofit Center for Internet Security, detailed at www.cisecurity.org, Pescatore said.
Retail is not the only field targeted by cybercriminals. Communications and technology company Verizon publishes an annual Data Breach Investigations Report. Its 2019 report found that public-sector organizations, which include public-education entities and law enforcement, are a big focus for hackers.
The report analyzed 41,686 security incidents from 86 countries and confirmed that 2,013 of those were data breaches. The sector reporting the largest amount of security incidents was public-sector organizations, with 23,399 incidents. Total security incidents reported by retailers were 234.
Organized crime prevails
Nevertheless, organized retail crime continues to be a major threat to retailers, according to the NRF/University of Florida survey, making up two-thirds of retail losses.
Organized retail crime is defined as burglaries committed by professional thieves, often ordered by a crime boss, targeting bricks-and-mortar stores.
Organized-retail-crime gangs can steal hundreds of thousands of dollars of goods. At the recent NRF Protect convention, John Willis, a Homeland Security Department special agent, was honored for his work in a decade-long investigation that brought a San Diego–based organized-retail-crime group to justice.
The investigation recovered $500,000 in merchandise stolen from more than 50 retailers. Willis’s investigation resulted in the 2017 arrests and convictions of 15 people.