Retailers need to get real about security – Lou Shipley

MIT Sloan Lecturer Lou Shipley

MIT Sloan Lecturer Lou Shipley

From Xconomy

It seems a distant memory now. In December 2013 – light years ago in technology time – the retail giant Target disclosed a massive software security breach of its point of sale systems. The bad guys fled the virtual premises with the credit card information of 40 million customers. This astounding number would later rise to 70 million customers.

Target’s embarrassment, its loss of market share, its brand erosion, and its legal costs to settle claims collectively should have served as a nerve-jangling wakeup call for retailers large and small nationwide.

It would be hopeful to believe that retailers learned from Target’s data breach, but in fact the opposite has happened. In 2016, retail software security breaches were up 40 percent over the prior year and in 2017 the following familiar brand names suffered breaches – Sonic, Whole Foods Market, Arby’s, Saks Fifth Avenue, Chipotle, Brooks Brothers, Kmart, and Verizon. Retail software security is getting worse, not better, and the dismal trend seems likely to continue in the near term. Why?

The number of virtual burglars continues to increase along with their level of sophistication in finding ways to exploit software security vulnerabilities. At the same time, securing software is both difficult and costly. Because retailers know they cannot stay in business without online customers and fast point of sale systems, they invest time and money on revenue-generating technology. Software security is defensive and does not produce revenue, and as a result, is often a low priority.

Finally, and perhaps most alarmingly, reports of retailers’ software security failures are so frequent and widespread that consumers are increasingly inured to them. The convenience of doing business online trumps their fears of data theft or privacy invasion.

For this discouraging security situation to improve, retailers must be willing to change their mindset – to think and act not only like a retailer, but also like a software company. To do so they need to look no further than to one of the world’s leading software companies, which is also the world’s #1 online retailer.

Read the full post at Xconomy.

Lou Shipley is a lecturer at the MIT Sloan School of Management.

Leave a Reply

Your email address will not be published. Required fields are marked *