Guest Blog: Cyber security challenges for the retail sector

What does Alexis de Tocqueville, a mid-nineteenth century historian and political scientist, have to do with the WannaCry ransomware outbreak last May and cyber-commerce?

Well, in 1831 Alexis was sent by the French Government to examine the American penal system. In a way that all managers will find familiar, the 26 year old spent nine months mainly travelling around and enjoying himself.

Unusually, however, on his return Alexis began writing, publishing two volumes of what would become known as ‘[On] Democracy in America’. His described the concept of ‘enlightened self-interest’, which he saw as a predictor of future American economic success. At heart, it means working together and assisting others because by doing so we help ourselves. Or as, with rather more elegance, Alexis put it “….an enlightened regard for themselves [Americans] constantly prompts them to assist one another….”.

It’s a concept which is very relevant to cyber-security and -commerce.

Many IT infrastructures make use of similar building blocks, and a successful attack on one company might very soon be replicated across many. This ‘domino theory’ analysis of cyber attacks can be clearly seen across a vast range of examples, perhaps most famously in last year’s WannaCry outbreak.

Likewise, a successful strategy for dealing with an attack can very soon be deployed elsewhere and, if the flow of information is quick enough, systems can be secured long before they are compromised.

If the flow of information is quick and accurate enough, the response can beat the contagion, helping to minimising the effects of the attack well before the harm spreads too far.

But it requires an infrastructure and a culture that facilitate that sharing.

In terms of cyber-security, the National Cyber Security Centre (‘NCSC’), working with trusted partners such as the British Retail Consortium, have stepped in to create that infrastructure. It is called the Cyber Information Sharing Partnership – known as ‘CiSP’.  It provides its members with a platform to collaborate in a trusted, confidential, environment. CiSP members are experts drawn from leading-edge retailers and other businesses, academia and the UK’s critical national infrastructure. Part of the value is from learning across sectors.

Take up of CiSP has been strong, and there are now 4,000 visitors per month, a 43% increase in just over a year. The WannaCry outbreak is a great example of when CiSP came into its own: there were more than 23,000 visitors to the online platform, including 15,000 during the first weekend. CiSP was invaluable in providing up-to-the-minute mitigation advice and, as crucially, debunking false rumours.

There is clearly a case for looking at how that approach can move beyond cyber-security, enabling the UK’s technology and retailing ecosystems to better realise shared opportunities. Retail has scale, reach and many of the raw materials for making AI work, and is already innovating fast. Online sales are growing at a startling rate, making use of a much wider range of technologies, whilst traditional sales falter. UK technology firms can deploy cutting edge capabilities and draw on learning from across sectors to do things better and cheaper.

The work of tech UK and BRC on events like the ‘Cyber in the Digital Economy’ conference can help sustain a community of enlightened self-interest; the end result can only be good for both.

James Martin

Crime and Security Adviser, British Retail Consortium

FROM SOCIAL MEDIA

How to hire the RIGHT salesperson? Join us on 7 June @techUK https://t.co/voe78psqsy. We look forward to the presen… https://t.co/M2t0nj4MIs
Read Head of Cloud, Data Analytics and AI @ChannelSwimSue's comment on the House of Lords Science and Technology Se… https://t.co/I8I9v4CwX6
Setting up a 'returners programme' at your organisation is a great practical step to improve #diversity. Have a rea… https://t.co/F6Ok8abpil
Pick up your copy of the @raconteur special report on AI in the @thetimes and read this article where @techUKCEO di… https://t.co/hARTzv2uWn
.@techUKdepCEO when we talk about the internet and regulation, we are often conflating many issues. The Lord Commun… https://t.co/y8ZxRQmNZN
.@techUKdepCEO tells Lords Communications Committee that good regulation is welcome by the industry but must be pro… https://t.co/mUSdwBSkxp
Preparing your business for GDPR can be like a game of Jenga, say Alex Milner-Smith and Sean Dempsey from… https://t.co/AXVNImZ5zl
Tune in here https://t.co/K7GZj1kmKl at 3.30pm to watch Antony Walker @techUKdepCEO give evidence to the Lords Comm… https://t.co/DMki1zHFlS
On day two of techUK Data Protection Week we're focussing on the business sector. techUK Programme Manager for Fina… https://t.co/52hJX1hBAo