Cyber Risk Resources

Must-read educational content powered by the NRF Cybersecurity Advisory Group

NRF has partnered with leaders of the cybersecurity industry including members of the NRF Cybersecurity Advisory Group to share research, whitepapers and other resources for retail leaders.

Upskilling and Reskilling Your Workforce through Cyber Apprenticeships
 

Faced with workplace challenges brought on by COVID-19, retail employers must look to new cybersecurity to protect business and customer data. Though not a new concern, data security is becoming continually more important, so hiring the right cyber talent is essential. The retail industry can create new and cost-effective avenues toward bridging the cybersecurity workforce gap and help new candidates enter these critical occupations by leveraging this proven training model as a method to accelerate education, credentialing, and ultimate employment.

In partnership with the Purdue Cyber Apprenticeship Program.

 
2020 Data Breach Investigations Report Retail Version
 

The 2020 DBIR marks the 13th edition of the much-anticipated analysis of cybercrime trends across the globe.

In partnership with Verizon. 

 
2020 Mobile Security Index Retail Version
 

The 2020 Mobile Security Index features insights and industry expertise to help businesses adapt and be mobile threat ready. It shows businesses how they compare to more than 800 other organizations and offers recommendations for improving mobile security coverage.  

In partnership with Verizon.

 
Key considerations for software supply chain considerations in the cloud
 

Over the past few years, organizations have migrated their software supply chain operations to the cloud. In doing so, they face cybersecurity risks across various stages of the Software Supply Chain (SSC) lifecycle and are seeking cybersecurity best practices and frameworks. Cloud-based SSCs bring specific benefits to the table, but they also carry risks. Managing these risks will require a pragmatic approach to end-to-end cybersecurity. Learn more in this joint paper from PwC and Microsoft. 

Powered by PwC

 
DTI Pulse Survey: CISOs face an extreme test of resilience, plan to emerge stronger
 

PwC’s Digital Trust Insights Pulse Survey of 141 security and information leaders is akin to an after-action report on the first responses to the COVID-19 pandemic. How did they weather this extreme test of resilience? How are they rethinking their strategy and investments going forward? Today, CISOs and CIOs are adjusting to a different future. All but 2% of CISOs/CIOs plan shifts in cyber strategy.

Powered by PwC

 
Cyber Insurance: 6 questions every CEO, CFO and board will inevitably ask
 

It’s urgent to check on your cybersecurity insurance coverage now. The COVID-19 crisis, the worst recession in a century and social upheavals create fertile ground for more cyber attacks. And while the cyber insurance market is young, it's developing quickly. But the wrong kind or amount of coverage could be worse than having none at all. A false sense of confidence could end up costing your business more — or cause you to lose it altogether. Read on to find out if your coverage is right for your business.

Powered by PwC

 
5 Steps to Building a Fully Connected Approach to Fighting Fraud

As digital commerce in the U.S. grows, criminals are employing increasingly sophisticated tools to exploit points of weakness throughout the consumer journey. Prepare yourself to confront this threat with our new e-book. In 5 steps, we walk through how to begin building an insights-based digital security strategy that also improves the user experience. Each Step includes a useful checklist or real examples of impact to help you get started.

In Partnership with Mastercard.

 
Selecting a Trusted Cybersecurity Partner

This whitepaper will provide you with a view on what smart building owners should be aware of while in the selection process for new suppliers. It will touch on who is responsible for cybersecurity and will delvel into what could be done to be prepare for cyber threats in times of unrest due to environmental conditions. Moreover, the reader will have a glimpse on how emerging technologies play a crucial role in maintaining secure environments specially when coupled with strong polices and protocols. Ultimately, the reader will have a better understanding about cybersecurity and how to start to take a more proactive role in selecting, specifying and deploying physical security systems.

In partnership Johnson Controls - Tyco.

 
Retail's greatest innovator: COVID-19

This study aims to explore COVID-19’s immediate business impact, through an industry-focused lens, and offer strategies for retailers to thrive in a postpandemic world.

In partnership with goTRG.

 
How to Reduce eCommerce Chargeback and Fraud Costs

2020 has upended traditional commerce. While some models are failing, eCommerce channels have seen striking – and unexpected – growth. That growth, and the adoption of new models, means more fraud, chargebacks, and manual reviews, but without new resources. Every department is under pressure to grow ecommerce revenues, minimize damages from fraud and chargebacks, streamline operational costs, and deliver an exceptional customer experience. In short, businesses need to do more with fewer resources.

In partnership with Kount.

 
Privacy Programs
 

As retailers bring employees back to workplaces in the wake of COVID-19, a vaccine is still unavailable. Contact tracing in some form will be a key strategy to manage employees' health status and movements, preventing flare-ups in their facilities. But privacy specialists worry that without a national privacy law in place, contact tracing could gather more personal data on Americans than they realize. This article explores the possibility of a law and the related privacy implications.

Powered by PwC.

 
Shift left with IaC

This paper explores why organizations innovating in the cloud must address security issues before runtime. By proactively incorporating security and compliance through infrastructure as code templates much earlier in the CI/CD pipeline, security teams create better security experiences for DevOps teams, increase participation in and quality of security, and improve product security and quality.

In partnership with DivvyCloud. 

 
Cloud security in the customer experience

This guide offers information for retailers seeking to achieve the full benefits of cloud while ensuring security and compliance. It frames the challenges that many retailers face and explains how to build a roadmap to security and compliance using culture, frameworks, and systems.

In partnership with DivvyCloud.

 
Cloud Security for the Retail Sector
 

This report looks at the retail industry’s use of cloud services and examines the risks associated with migrating to cloud environments. It provides recommendations on how retailers can mitigate these risks, through tools and processes such as data inventories, strong identity and access management practices, data encryption and the use of cloud-based security tools.

In partnership with The Chertoff Group.

 
Phishing campaigns
 

Organizations that incorporate phishing exercises into their annual assessment of cybersecurity defenses are often faced with the question of whether or not their click rate is palatable or below the industry average. Is your company's click rate defensible?

Powered by PwC.

 
NY Shield Act
 

New York State’s new Stop Hacks and Improve Electronic Data Security (SHIELD) Act will have a broad impact simply due to the size of the state. Here’s what you need to know about this new privacy law.

Powered by PwC.

 
Meeting the needs of CCPA, consumers and the bottom line
 

Privacy regulation may sound onerous, but it doesn’t have to be. With the right approach, retailers and consumer-packaged goods (CPG) companies can deploy the latest data gathering and analysis tools, meet or exceed customer expectations for personalization and privacy, and comply with regulatory demands.

Powered by PwC.

 
US businesses doubt they will meet CCPA deadline
 

Only half of US businesses affected by the California Consumer Privacy Act of 2018 expect to be compliant by the 2020 deadline, according to a PwC survey of more than 300 executives at US companies with revenues of $500 million or more. Fewer than half of retailers count themselves among those that expect to be compliant in time. 

Powered by PwC.

 
Are we ready for the Fourth Industrial Revolution?
 

To make the most of the Fourth Industrial Revolution (4IR), companies must listen closely to their customers and employees. From smartwatches that measure your heart rate to artificial intelligence (AI) that monitors your bank account, digital technologies are changing our lives at home and at work. Consumer and employee comfort with—and trust in—4IR technologies will likely determine the potential opportunities for growth and efficiencies that these technologies can offer businesses. Indeed, PwC’s Consumer Intelligence Series found that while 4IR—also known as Industry 4.0—may be everywhere, not everyone is yet fully on board.  

Powered by PwC

 
Four Steps to Better Cloud Security
 

Cybercriminals are drawn to the cloud to exploit increasing amounts of valuable data. The challenge for your business: how to protect it all.  

Powered by PwC

 
Guide to a Passwordless Customer Experience
 

One way in which businesses have reacted to the rise in fraud (and the resulting loss of customer trust) is by requiring users to make their passwords more complex. However, to create a passwordless experience for your customers, the challenge is to not let the threat of breaches lull you into the false comfort of forcing stricter password regulations. Passwordless authentication starts with having the proper user context. Check out this interactive page to better understand the challenge between password frustrations vs. passwordless bliss and how IBM Security can help with your Digital Identity Trust journey. 

Powered by IBM

 
Ponemon Cost of a Data Breach
 

Mega data breaches are a growing problem and they aren't going away or getting any cheaper. How much would a data breach cost your organization? The average cost for a Retail organization in the United States is $6.4M, according to the 2019 Cost of a Data Breach Study by the Ponemon Institute sponsored by IBM. Click here to read the full 2019 report and learn insights specific to the Retail industry.

Powered by IBM

 
Top Policy Trends 2020: Data privacy
 

Fourteen months after the EU's General Data Protection Regulation (GDPR) took effect, the world of data privacy has shifted its focus from guidance to stepped-up enforcement. The large fines on three multinationals levied by two data protection authorities (DPAs) in 2019 are just the beginning. Will 2020 also mark the shift to consumers exercising their rights over their data?

Powered by PwC

 
Threat Intelligence for Retail Security
 

Data discovery solutions like Echosec enable retailers to find relevant threat data faster in a variety of online spaces. The company offers social media, deep web, and dark web monitoring tools, as well as a platform API that gives retailers direct access to data sources that are not searchable through most other commercial and official APIs. These solutions are focused on quickly gathering and assessing relevant threat intelligence from a variety of sources using AI and machine learning technology. This enables security teams to efficiently prevent, mitigate, and react to the major threats facing retailers today.

Powered by Echosec

 
The Risk of Client-Side Attacks on eCommerce Websites
 

With attacks on eCommerce websites on the rise, ensuring that your customers’ payment and personal information is protected should be a priority if you want to avoid the implications of a data breach.

Download this white paper to learn more about: 

  • Attacks on eCommerce websites including Magecart and Formjacking attacks
  • Approaches to mitigating website client-side attacks
  • Major implications of targeted attacks
  • Monitoring and detection methods

Powered by Source Defense

 

More resources

NRF Cyber Risk Exchange
 
Designed exclusively to help retailers defend against cyber threats.
Learn more
Cybersecurity
 
Read the latest articles and insights related to retail sector cybersecurity and learn how to get involved.
Read more
Retail Safety and Security Tools
 
Tools and research for retail loss prevention and asset protection professionals.
Access tools