Jason James is the CIO at Aptos, a leader in unified commerce solutions. Cybersecurity is a critical concern for retail organizations, with breaches, ransomware, and data theft becoming increasingly common. Retail ranks as the third-most-targeted sector for cyber attacks, behind only financial institutions and healthcare, and the average cost of a breach in the retail sector is $2.5 million per incident.
Retail technology leaders are now placing a heightened focus on enhancing their security posture due to the surge in cyber attacks, rising remediation costs, and stricter scrutiny from cybersecurity insurance providers. One key aspect of this focus is evaluating the cybersecurity practices and certifications of software vendors that retailers engage with.
When assessing the security capabilities of retail technology partners, there are three crucial factors to consider:
SOC 2 Attestation: SOC 2 is often called a certification, but it is an independent attestation report, issued by a CPA firm under the AICPA's Trust Services Criteria, on whether a service provider's controls are suitably designed (Type I) and operating effectively over a review period (Type II). Retail software vendors should ideally hold a current SOC 2 Type II report or have a plan and timeline in place to obtain one. Retailers should review the report itself rather than accept the claim: check which Trust Services Criteria (security, availability, processing integrity, confidentiality, privacy) and which systems are in scope, the period the audit covers, any exceptions the auditor noted, and any subservice organizations (such as the vendor's cloud provider) that are carved out of the report, to ensure the attestation actually aligns with their security requirements.
Cybersecurity Training: Continuous education and training on cybersecurity measures are essential for software vendor employees. Retailers should ask how often and how thoroughly vendor personnel, including non-technical staff, are trained, and whether completion is tracked rather than assumed. It is also important to confirm whether the vendor has a dedicated security team, what relevant certifications its members hold, and what training protocols it follows.
Security Compliance and Maturity: Compliance with a security standard shows that controls existed at the time of the audit; cybersecurity maturity shows that the vendor actively looks for and fixes weaknesses between audits. Retailers should ask about the vendor's penetration testing (how often, by whom, and against what scope), simulated attack exercises such as red-team engagements, automated scanning of code and dependencies for vulnerabilities, and the vulnerability remediation process, including target timelines by severity and how customers are notified of issues that affect them.
As the retail industry faces escalating cyber threats, retailers must prioritize their own internal cybersecurity measures and thoroughly vet the security practices of their technology vendors. Establishing a secure foundation with technology partners that prioritize independent attestations, ongoing training, and a culture of security awareness is essential for long-term success.
Investing in software partnerships is a strategic decision that requires a strong and secure foundation to mitigate cybersecurity risks effectively.