How to protect your company from cyberattacks

NRF Retail Converge: Former NSA director discusses disruptive cyber threats

In a session at NRF Retail Converge, Admiral Mike Rogers, former director of the National Security Agency, discussed cyber threats and risks with Matt Dunlop, chief information security officer at Under Armour.

Dunlop kicked off the session by noting that he hears about a cyberattack seemingly every day. Rogers agreed, saying that in the past few years, many U.S. companies have been the target of cyberattacks, often resulting in leaked data and hefty ransom payouts. With increased remote work during the pandemic, the frequency has only increased.

NRF Retail Converge

Watch this NRF Retail Converge session and others on demand until July 25.

The more attacks that happen, the more media coverage they receive, which includes sharing the ransom payout the attackers received. That just incentivizes criminals to continue targeting large companies, Rogers pointed out. But despite these criminals receiving millions of dollars, only 8 percent of companies get their data back.

That loss of data is particularly potent for retailers, as their reputations and revenue can be impacted by a cyberattack. “As you look across the retail space,” Dunlop said, “if you can impact our ability to pick, pack, and ship, you can impact our revenue.” 

While most companies are spending their money and efforts on a cyber defense system, Rogers said a focused adversary has a high probability of success no matter how much money is being spent on defense.

“Cybersecurity needs to include both cyber defense and cyber resiliency,” Rogers said, explaining that companies can not only prevent attacks but take action during them.

One major component is understanding the network structure inside and out. Rogers said he has seen cross-connects between business and IT sides of a network that employees are unaware of, which leaves them vulnerable. “You cannot defend what you cannot see,” Rogers said. “The cyber security strategy will be flawed if you don’t know the gaps.”

Part of understanding those gaps is recognizing the human element of cybersecurity. Cyber professionals must find ways to explain complicated issues in ways non-cyber professionals can understand. Every individual in an organization plays a part in strengthening cybersecurity, Rogers said, but they can also easily undermine it if they do not understand what a cyberattack might look like.

Rogers closed the session on a positive note, noting the increased awareness of cyberattacks, and emphasized the need to move beyond awareness and figure out new solutions.

“Continuing to do the same, but expecting a different outcome is ridiculous,” he said.

Related content

Wayfair and Sally Beauty meet their customers where they are
 
Wayfair and Sally Beauty at Converge
NRF Retail Converge: Innovators from Wayfair and Sally Beauty on being one step ahead in AR and 3D.
Read more
Resale as a powerful customer acquisition tool
 
Converge resale
NRF Retail Converge: Leaders from Arc’teryx and REI on the business case for resale.
Read more
How Gen Z is driving the future of retail
 
Maryleigh session
NRF Retail Converge: Insights and trends from the digitally native generation.
Read more