Q&A with Akamai on the challenges of cybersecurity in retail

What are the biggest challenges facing your retail customers?

This is the sheer volume of cyberattacks. For example, retail is one of the top industries targeted by “bots”, which are compromised PCs & IoT devices.

However, not all of them are malicious; retailers want good ones such as search engine and SEO bots. The challenge is differentiating the good from the bad – this is extremely difficult for a company on its own.

As a result, retailer’s IT security teams are often overwhelmed trying to identify and block the bad bots that are scraping and attacking their web site.

A recent independent survey found the most common challenges faced by retailers are: insufficient personnel (91%), insufficient budget (51%) and no understanding of how to protect themselves from cyberattacks (40%).

Some argue that tightened security and fierce regulations has hindered technology innovation, how can retailers still be innovative with data going forward?

In the past security was always seen as the department of NO, but recently companies have been building security into the development process, so that it no longer hampers innovation. In many cases this offers improved customer experiences; identity solutions that protect user information but also provide actionable marketing data, web site protection that can reduce fraud and account takeover without presenting a CAPTCHA.

How has GDPR impacted retail since its implementation?

Some retailers have become extremely conservative to the point where they have segmented access to their websites based on a visitor’s geolocation: a popular cosmetic retailer for example no longer allows European customers to access its US website and instead redirects them to its European sites as they do not want the US site to be “constrained’ by GDPR regulations.

I think of GDPR as like a traffic speed camera – they are put where accidents have happened, sometimes repeatedly. GDPR is just that, it is a great framework that tells people what they really knew all along – just as in that you should drive carefully, you should also really protect your personally identifiable information (PII) data.

Let’s talk about the data value exchange – have customers changed their attitudes towards swapping their email for 20% off their first order? And what are the customers willing to share their data for today?

They are more willing to provide their personal information provided that a) they deem cost savings worthwhile and/or information of value to them b) they are comfortable with what the retailer will/will not do with their data c) they have experience with that retailer and finally that retailer has never had a data breach.

Customers are becoming increasingly aware that their identity has value and expect retailers to respect that and respond accordingly.

Are millennials more likely to share data than Gen X? What about baby boomers? How do different customer segments approach data and customer experience differently?

Millennials who grew up in the digital age are more likely to share data than Gen X and Baby Boomers. However, it is unclear whether this is due to differing feelings of paranoia over the generations or an increased awareness of their own identity value.

Let’s look into a crystal ball, what should retailers be aware of from a security perspective in the coming years?

They will continue to be a top target for hackers, especially considering that eCommerce is expected to continue to grow. Global online retail sales are forecast to grow 18% to $3.46 trillion this year.

Retailers should seek a security partner, with global insight who can help them respond quickly to attacks such as DDoS, eSkimming, website attacks & phishing, so they can protect their business, their users, and their customers.

What is the buzzword circulating in the security industry that you wish you could ban from every future conference and meeting?

‘Zero trust’. This is used willy-nilly as catch-all phrase to solve many IT security problems. And it is frequently used without context. Although many retailers understand and realise the benefits associated with zero trust – connecting users to applications, rather than machines to networks – no retailer will have a 2020 project labelled zero trust! 

Brought to you by