The increasing overlap between loss prevention and tech teams

As the retail threat landscape evolves, the role of loss prevention is changing — but not consistently in every retail organization. Gus Downing, president and publisher of the D&D Daily, thinks LP employees in both cyber threat analysis and incident response are not as involved as they should be — most of the time, they are brought in after the fact. “The speed of change and the number of new cybercrime risks alone is like nothing we’ve ever seen before,” he said at NRF PROTECT 2019. Downing went on to say that in the last 18 months, eight international cases identified 140,000 fraudsters for a total of $750 million in losses. In this environment, it is paramount that LP teams work in tandem with their company’s technology teams to stay ahead.

NRF’s 2019 National Retail Security Survey found that 89 percent of LP executives saw increasing overlap between retail LP teams and cybersecurity teams, but only 30 percent said they were regularly involved in cybersecurity issues. At NRF PROTECT, Downing and executives from Williams-Sonoma Inc., Dunkin' Brands and Jack in the Box discussed practical ways retail LP teams can work with technology teams.

Converging functions

“IT security has always protected the perimeter of our business from outsiders coming in — whether that’s malware or compromised emails,” said Gail Morris, Williams-Sonoma’s director of loss prevention, “and the loss prevention department has always protected the interior perimeter of the business.” As the two functions converge, Morris sees companies employing joint incident responses where both teams will be called upon.

David Johnston, senior director of loss prevention and corporate security at Dunkin Brands, said IT and LP are already working together. Johnston has seen transactional fraud incidents evolve from just credit card fraud to other forms including user authentication fraud, synthetic accounts, account takeover and credential stuffing both online and in the Dunkin mobile app. “If you don’t have that connection now [with the IT team],” Johnston said, “go out and extend the hand.”

Playing to strengths

LP can help IT understand company assets — for example, how store associates and call center employees use software and hardware — to aid deep dive investigations and ensure recommended solutions are relevant. Education is key to making a combined team work effectively: Johnston encourages his LP team to go through cybersecurity training and certification programs so they are well-versed in terminology and tactics. The IT teams at Dunkin Brands are also educated in interview tactics and investigation techniques, training that is normally designated for LP professionals. “The partnership needs to continue to grow,” said Jason Painter, enterprise security manager for Williams-Sonoma.

What’s in the future?

Morris said cybersecurity within an LP career path is still “untapped territory” for most, but the field is evolving and changing. “As everything goes more and more digital and online,” she said, “it’s going to be necessary for a lot of LP professionals to get on board with it.”

With increased access to electronics and more advanced tools that make it easier to steal or cause harm, “we’re having to ramp up our tools, tactics and procedures to keep up with the threat,” said Jack in the Box’s Chief Information Security Officer Terrence Weekes. The winning solutions will consolidate tools to perform both IT and LP functions at once.

For more coverage of NRF PROTECT, check out the recap including videos and news stories.

More from NRF NXT

Tips for building a data-driven culture
 
Employees at Zulily offices
Emerging tech brings more than just engineers together at Zulily.
Read more
9 women making waves in retail
 
Lockie Andrews of UNTUCKit
A look at the women taking the stage at NRF NXT
Read more
Is data a cost or revenue driver?
 
A man and a woman look at their smart phones
NRF NXT Preview: 6 ways data operates as a marketing channel.
Read more
Rothy’s formula for success
 
Rothy's shoes hanging on the wall in San Francisco store
Retail Gets Real episode 122: How the shoe retailer attracts fans and where the brand is headed.
Read more

More LP news

Balancing the threats and opportunities of AI
 
How security leaders can effectively support the innovative use of artificial intelligence and protect against risks.
Read more
Cargo theft trends and lessons learned
 
Experts from Walmart, NRS and the FBI discuss the latest trends and actions for retailers to protect themselves.
Read more
Lessons from a decade of cybersecurity collaboration
 
Senior technology executives and founding members share insights from NRF’s IT Security Council.
Read more