We asked Chris Berry, PDI CTO and General Manager of Security, to provide her thoughts on key cybersecurity trends for 2023. Read on to get the latest updates on the evolving threat landscape and how retailers can reduce risk to better protect their customers and business assets.
Q: Let’s start with a fundamental cybersecurity question. Will we ever get ahead of the bad guys?
CB: History would tell us “no.” As much as some of us consider security to be a full-time job protecting our data and systems, cybercriminals are also working full time to exploit those systems through ransomware and other cyberattacks. So, we’ll always face that pressure to keep up and play defense. And now that we’ve seen a bit of the nation-state sponsored hacking that has become more lucrative, our job has gotten even harder.
I’ve been in the IT world for 30 years, and I’m still surprised every day at some of the stories coming from our security team. I can’t imagine how any business person without a security background could be expected to stay on top of the growing threat landscape.
You simply can’t be an expert at all things or do everything yourself—and that goes double for security, because there’s simply too much at stake for your business. I think that’s why leveraging managed security services is so important for many businesses.
Q: What’s the primary value of managed security services for retailers?
CB: The more innovations and technologies that retailers implement, the more effective they become. But adding technologies and devices can also create more risk as the threat landscape grows more complex. The Internet of Things is the shining example of that. All those devices add value for businesses and customers alike, but they must be secure.
If any devices connect to your point of sale or back-office systems, that’s one more point of vulnerability. If you’re trying to manage all of this security on your own, it can be extremely difficult. You can have the greatest cybersecurity tools in the world, but if you don’t have the human expertise and a broad perspective, you’re still at a disadvantage to cybercriminals and threat actors.
Working with a managed security services provider, or MSSP, gives you access to the latest tools, experts who know how to use them, and all the lessons learned from the broader market. Having a partner that’s solely focused on security lets your IT team focus on keeping your point of sale up and running—which should be your priority—because that’s how you make money.
Q: What are some of the bigger threats businesses should worry about in 2023?
CB: First of all, technology has gotten better, especially with AI, advanced machine learning, and automated tools. But as we look at cybersecurity trends in 2023, the core threat remains human error. It’s people not being diligent on the basics like clicking on phishing emails or not patching software systems against known issues.
Humans are still the number one reason we see data breaches. We all have to deal with information overload and more distractions by the day. Think of all the messaging platforms, email accounts, and personal devices you use every day. As we get more comfortable with technology, there’s a natural human tendency toward complacency. It’s natural to think that, if you’ve done something and nothing bad has happened, why would you start worrying about it now?
The human element is why businesses need strong security solutions, processes, and training as well as a commitment from the leadership team. For instance, we have a robust phishing training program at PDI, but we still see people click on things they shouldn’t. You always have to prioritize employee education and training, because it’s a constant uphill battle to overcome the human element when it comes to cyberthreat prevention.
Q: If a business has cyber insurance, do they still need to use security services?
CB: I’ll start off by saying that cyber insurance is not a cure-all for any type of business. With the growing number of ransomware payouts, the insurance companies are scrutinizing everything at a new level. It’s increasingly difficult to find insurance, it’s very expensive, and you have to jump through more hoops to get it. In most cases, you must verify that you have verified security tools and processes just to be eligible for it.
If you do get insurance and experience a breach, they might cover the initial cost of the damages or the ransom payout. But they’re not going to repair your brand’s reputation. And what about lost sales or all the extra resources you’ll need to recover data from backups and get your business running again?
There are a lot of financial impacts that aren’t covered by insurance. In some ways, cyber insurance should be a last resort. Another way of looking at it is, if you put all the money you’d spend on cyber insurance into cyberthreat prevention and securing your systems, you’d likely be much better off in the long run.