Cyber security in the consumer sector
The security of digital technology is essential for a consumer sector business in order to protect its brand and support its financial sustainability. The pandemic has significantly disrupted this industry - including those producing packaged goods, food and beverages, clothing and electronics - forcing businesses to upscale and accelerate their digital transformation plans to remain agile, improve productivity, adopt better data analytics and expand through digital channels and platforms.
The role of cyber security as a value creator, protector and a business enabler has never been more relevant.
What does a cyber attack on the consumer sector typically look like?
The consumer sector is not alone in experiencing an increase in cyber attacks and it has specific areas of vulnerability.
Attacks are likely to result in the following events:
- compromise of personal and payment data: identity theft and payment card fraud continue to be a wide spread issue in the consumer sector
- reputational damage caused by the loss and misuse of customer data, resulting in loss of revenue from fines, or customers choosing to move to competitors due to a loss of confidence
- loss of business continuity through Distributed Denial of Service or Ransomware attacks
Cyber as a value creator
Despite the increasing threat landscape, there are also opportunities for companies in the consumer sector to leverage elements of cyber security to their competitive advantage.
Transparency: Being able to articulate to customers that cyber security is embedded into the business model can help build customer trust and loyalty. Customers expect their personal and payment data to be properly protected. Reducing identity fraud by ensuring strong authentication to online services will continue to play a key part in value creation.
Measuring return on investment: As well as being transparent with customers, quantification of cyber security risk and measuring risk reduction activities as well as return on investment are equally important in order to prioritise strategic investments.
Leveraging existing cloud security technologies: Whilst a lot of companies have already adopted cloud, security of business critical operations relating to e-commerce systems need to be re-assessed, in light of an expanding remote workforce, ensuring that existing technologies are fully maximised.
Proactive testing of cyber capabilities: Penetration testing will continue to be an indicator of how well companies are protected against the most common cyber attacks. More advanced proactive testing such as ’red teaming’ and Ransomware simulations can not only test protective technology but also how security teams and employees respond to cyber attacks, how quickly they are detected and whether response plans are robust to recover from incidents. In our experience, proactive testing should be based on genuine tactics, techniques and procedures used in the majority of the latest cyber attacks.
The strongest link in cyber security: As much as cyber security is about technology it is also about people, who are often regarded as the weakest link. Most cyber attacks do evolve exploitation of human factors, however, in our experience developing a positive security culture, recognising that people are the strongest assets, can play a big role in protecting the brand and separating companies from their competition.
For consumer businesses, regarding cyber security more as a function of value creation, rather than simply a protective process presents a range of opportunities to be explored and maximised.