Understanding Cyber Security Frameworks for Retail Executives

If you’ve been following the ARA’s Cyber Security Awareness Month series, you’ll be clear that in today’s retail landscape, where technology and data are at the core of business operations, protecting your retail business from cyber threats is vital.  Understanding the right path to take can be a game-changer, and implementing a cyber security framework is something you should consider.

In this week’s session, Dushyant Sanathara, Head of Digital Trust (APAC) from the BSI, explains the basics of cyber security frameworks, and how to choose the right one for your business.

Watch the presentation in full and read more insights below:

 

Building Digital Trust

First thing’s first, digital trust is the bedrock of cyber security. It’s all about having confidence in your systems, technology, and data. It’s the belief that your digital assets will work as intended, safeguard sensitive information, and prevent unauthorised access and malicious actions.

Even big-name retailers like Forever21, JD Sports, Under Armour, eBay, Home Depot, and Target have fallen victim to cyber breaches. This serves as a stark reminder that no retail business is immune to cyber threats.

To tackle cyber security risks head-on, many organisations turn to cyber security frameworks. While there are several out there, let’s focus on three popular ones:

  1. Essential Eight: This Australian Government supported framework lays out eight crucial technical controls that every organisation should consider. These controls cover areas like application control, patching, multi-factor authentication, and backups. They are applicable to businesses of all sizes.
  2. NIST Cybersecurity Framework (CSF): Developed by the US government, CSF is a flexible and voluntary framework designed to protect critical infrastructure. It centres around five key functions: identifying threats, protecting assets, detecting incidents, responding to breaches, and recovering from them.
  3. ISO 27001: This global standard is applicable to businesses of all sizes and provides guidance on establishing, implementing, and maintaining information security. ISO 27001 takes a holistic approach, covering technical controls, corporate culture, and continuous improvement.

Choosing the Right Framework

Selecting the right cyber security framework for your retail business can be challenging, but here’s a straightforward approach:

  1. Start with the Essential Eight: If you’re unsure where to begin, the Essential Eight recommended by the Australian Government is a safe starting point. These controls are, as the name suggests, essential for all organisations.
  2. Consider ISO 27001: This globally recognised standard offers comprehensive coverage, including technical controls, culture, and improvement. It can be customised to fit your specific needs.
  3. Combine Frameworks: Some retail organisations mix controls from different frameworks, like the Essential Eight and ISO 27001, to create a tailored cybersecurity strategy.

Steps to Get Started

Ready to act? Here’s a general guide:

  1. Secure Top Management Support: Ensure that your top management understands the risks and commits to allocating necessary resources and time.
  2. Identify and Prioritise Assets: Know what’s valuable to your business and prioritise them based on importance.
  3. Risk Assessment: If you’re new to risk assessments, consider using frameworks like ISO 31000 for guidance.
  4. Develop a Cybersecurity Strategy: Choose the right framework and start implementing it.
  5. Foster a Security Culture: Invest in training and awareness programs to create a cybersecurity-conscious culture within your organisation.

In retail, where digital operations are integral to success, cybersecurity is non-negotiable. Dushyant Sanathara’s presentation highlights the significance of digital trust, outlines the challenges faced by retailers, and introduces key cybersecurity frameworks. By following the recommended steps and adapting them to your unique retail environment, you can enhance your cyber security defences and safeguard your business from cyber threats.

 

SHARE THIS ARTICLE

FURTHER READING

NSW ANZAC Day trading restrictions legislated

On 15 August 2024, the NSW government passed new legislation that will ban trade on the ANZAC Day public holiday for all national retailers operating in NSW. Taking effect from