Retailers get access to new security toolkit

Retail trade body the British Retail Consortium (BRC) has launched a new cyber security toolkit, developed alongside the National Cyber Security Centre (NCSC) to help its members take steps to reduce their chance of falling victim to a successful cyber attack.

Recognising the increased threat to retailers as more businesses shift their operations online during the Covid-19 pandemic – in May this year online sales accounted for a third of UK retail, compared to just under a fifth a year earlier – the Cyber Resilience Toolkit for Retail is described as an “actionable” guide specifically designed for people with no expertise in security, from those at the top of major retail enterprises down to small traders and startups.

Additionally, with processes across the supply chain rapidly digitising and greater dependence on automation technologies, the risk landscape facing retailers is now far broader than it was even a few months ago, making it crucial for them to keep on top of things.

“In recent months, the use of technology in the retail industry has evolved as retailers adapt to new consumer habits and the challenges of the pandemic,” said BRC chief executive Helen Dickinson.

“Last year, retailers spent over £186m on cyber security, but the growth in online selling means there is an increasing threat of new cyber breaches and sophisticated hacking techniques.

“As a result, retailers need to ensure their systems are watertight and up to date.”

The guide highlights the range of threats – such as ransomware, credit card skimming attacks and so on – faced by the retail sector, questions that need to be considered when developing cyber security strategies, and guidance on the essential protections retail organisations need to implement.

It also covers recommended actions for retailers to help them prevent breaches through stronger protections, mitigate breaches when they do occur, post-incident recovery, and encouraging a positive security culture.

“This toolkit, developed with the input of the National Cyber Security Centre, will ensure all retailers, no matter their size or level of cyber expertise, are well-equipped to face the challenge of cyber security,” said Dickinson.

“This is yet another example of the BRC supporting retailers through the ongoing digital transformation. Furthermore, consumers must also play their part, and more must be done to educate the public on basic cyber hygiene so that they are able to browse and shop safely,” she said

NCSC technical director Ian Levy said: “We want to keep shoppers’ data, identity and privacy safe, and to ensure that the retail sector is well equipped to face the cyber challenges associated with an ever-more digital world.

“The new BRC toolkit has been written in a way that is clear and concise so that it can be understood by retailers and those with a cyber specialism. I urge all key-decision makers in the industry to familiarise themselves with the toolkit and act on it.”

The full toolkit is available now for download here, while organisations of all stripes can access the NCSC’s expert advice and guidance on general cyber security issues at its website.