"As soon as you connect live to the internet, you're suddenly part of a global network and you've exposed your systems whether you know it or not." Ken Andrews isn't being dramatic—he's being realistic. The conveniences afforded to us by internet access have also made us vulnerable to attacks, and they're happening to retailers of all sizes in all places.
From large grocery chains in Sweden to small IGA stores in the Midwest, hackers are attacking POS systems, stealing customer and employee data, and breaching security systems—and it's all in a day's work. Andrews, the president of Millennium Digital Technologies and developer of IGA's new cybersecurity program, says damages from attacks are up over 200 percent from 2020 and cost businesses an average of $283,000 per incident. "The extended costs can be significantly higher when factoring in the long-term disruption to the business, brand damage, loss of customer trust, and more," he adds.
IGA CEO John Ross doesn't mince words when it comes to the severity of the threat. "I believe sincerely that the threat of the cybercriminals identifying and choosing the grocery industry as an easy mark is way higher than any of us believe," he says. "I believe it is an existential threat for our industry, and especially for small to mid-size independents." Just like the road being demolished and rerouted in front of your store--or damage from a fire or a hurricane gutting your store--Ross and Andrews warn that cyber crimes and ransomware attacks can wipe out your business in minutes.
Why are independents at risk?
According to Andrews, the majority of small to mid-size business are poorly protected from cyber threats and unprepared to respond in the event of an incident. From accounting systems and HR databases to bank accounts and loyalty databases, grocers hold a vast amount of data that is ripe for cyber criminals' picking. And with retailers so busy running their stores, they often don't have time to think about doing more than the minimum to protect that data. But complying to PCI standards or installing anti-virus software on store computers isn't enough.
"PCI is there to protect VISA, Mastercard, and the acquiring bank, not the merchant data," Andrews says. Instead, the seemingly innocent email is a huge threat to a retailer's security. Why email? Because your employees bring email with them to your store every day. They hop on your computers and use your wireless to access Gmail, Hotmail, Outlook, etc., which don't have the level of protection your store needs. Employees can click on a link in their email, or in their text messages, and suddenly your entire network is infected and your data exposed.
And that data? That data is extremely valuable to cybercriminals, who sell it or hold it for ransom, Andrews says. "Cybercrime is paying more than ever for cybercriminals and they are getting smarter at fooling businesses and capitalizing on their weaknesses."
But there is hope. "We have an opportunity to get ahead of this issue to protect both the individual operators as well as the IGA brand as a whole," Andrews says about the Cyber Security Program for retailers.
What is the IGA Cyber Security Program?
Specifically designed for IGA locations, IGA's Cyber Security Program provides scalable end-to-end protection and expert technical resources for each store. In other words, by implementing the program, your store will become less appealing to cybercriminals and you and your team will learn how to prevent attacks.
"It is within our realms as independent operators to protect against cyber attacks," says Ross. "You need to be hardened and more difficult to attack than others. Some of it's technology, some of it's training, and some of it is awareness."
The program offers multiple tiers of protection, so retailers can select the best option for them. To start, there is a no-cost biennial security assessment that measures your security footprint against industry best practices and security standards. As part of this process, security and technology experts provide recommendations for hardening systems and remediating discovered vulnerabilities. This tier is available to all IGA locations for free, and provides a framework of best practices and training materials tailored to the responsibilities of staff, managers, and owners. And while the free tier is a great place to start, "Most locations will require more comprehensive support and monitoring to ensure the ongoing security of their business," Andrews notes.
The additional paid tiers provide increasing levels of protection, monitoring, and redundancy, which gives each retailer the flexibility to choose the best solution for their needs. That includes adding managed firewalls, switches, and access points to ensure 360 degrees of network management and protection.
To further ensure retailers are protected, IGA has included the Advantage Breach Indemnity program in all paid tiers. It provides $100,000 in breach indemnity for the location in the event that a cyber incident does take place. "This feature is unique and industry leading, in that there are no sublimits to the program," Andrews explains. "With other programs, you will find caps on payouts, such as limiting the coverage for a required forensic audit to some lower value like $15,000." Those types of sublimits severely limit the value of the protection, which means lower coverage limits and potential out of pocket expenses for the retailer.
How much does IGA's Cyber Security Program cost?
The cost to implement the solution is surprisingly low and typically less than $2,000 for the average independent grocer, Andrews says. And that cost provides years of protection, service, and support for the location. "This is the lowest cost insurance you could buy against a breach or other cyber incident," Andrews says.
Retailers can visit the IGA Cyber Security Program website to see a detailed breakdown of each tier, and submit an inquiry to price out the tier(s) that best suits their needs.
What happens once I sign up for IGA's Cyber Security Program?
Andrews and his team have simplified the installation process to allow for quicker installs that can often be completed without any outside technical assistance. For all tiers, including the free base program, retailers will receive:
- Training modules for staff, managers, and owners—these materials are targeted to specific employees within your organization.
- Security best practices guide—the top 5-10 items a retailer can and should focus on to protect themselves from cyber risks, including ransomware attacks.
- Security best practices assessment—if requested, the team will review the retailer's processes and systems against security best practices and make recommendations for future protection measures.
The program provides ongoing monitoring and reporting to ensure that new problems are quickly detected and resolved before they can be exploited. Besides providing peace of mind that a third party is keeping an eye on your security, it also detects problems that are often missed, such as when vendors do not apply critical updates to the systems they are responsible for or when changes are made that open up unintended security holes. And that third party doing the monitoring isn't just an anonymous person somewhere far away. It's an IGA Corporate employee in Chicago who is personally invested in ensuring that your store and all IGA stores on this program are protected and secure.
So don't wait for another holiday season to leave your store at risk—after all, with Thanksgiving, Christmas, and New Year's coming up and the grocery industry's biggest profit-builders, it's the perfect time for cyber criminals to easily infiltrate a weakened system and hold that data ransom for hundreds of thousands of dollars, shutting your store down and sending shoppers elsewhere. With a free basic plan and low-cost tiers, there's no reason to go another season unprotected against cyber crime.
No Comments Yet
Let us know what you think