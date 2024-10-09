With the knowledge that a cyberattack is inevitable, NACS Show panelists share how retailers can prepare.

At a NACS Show educational session titled, “Cyberattacks are Not a Matter of If, but When,” a panel of experts spoke about how retailers can stay ahead when it comes to cybersecurity as cybercriminals continue to become more sophisticated and targeted with their attacks.

Panelists included: Andrew Buel, Special Agent, Las Vegas Cyber Task Force, FBI; Kara Gunderson, director, North America consumer payments and global financial services, Circle K; Todd McClelland, partner, cybersecurity, data privacy, AI and litigation practices, Sterlington Law; and Paul Suarez, vice president and chief information security officer, Casey’s.

When it comes to cyberattacks, operators need to be prepared and aware that an attack could happen at any moment.

“No one is immune to these attacks, and we must be prepared in case we are the next unfortunate victim,” said Gunderson.

The first step is to create a playbook — gather all the information you would need in the event of a potential cyberattack, including contact lists, notification obligations and much more. Figure out how you would proceed not only from the direct point of the breach, but also throughout the entire company. It is your responsibility to ensure that your employees are trained to identify potential suspicious activity.

Once that activity is identified, Buel highly recommends getting the FBI involved. Even before any kind of breach occurs, retailers should have established connections with the FBI and local law enforcement officials.

According to Buel, when it comes to wire transfer fraud, the FBI has a 75% success rate in getting money back from scammers, as long as the agency is identified within 2-5 days. Additionally, the FBI can provide information that would otherwise be completely unknown.

McClelland mirrored Buel’s thoughts, further emphasizing that law enforcement can be incredibly helpful when it comes to cyberattacks, from locating the cybercriminal to possibly remedying the situation.

Casey’s Servais said that these attacks are becoming more sophisticated, as criminals are now able to study the behavior of company personnel via channels like social media, email and other online forms of communication. By doing this, they can become better “actors” when attempting to extract information.

“Could you be attacked? Yes. Are you Being Attacked? Probably,” said Servais.

To combat this, he said, it starts with preparing before it becomes a real problem. Add increased protection, passwords, keep your software up to date and take note of potential weak points where scammers could potentially capitalize.

“Look at your company and how money is transferred — at the end of the day (cybercriminals) want to make money,” continued Servais.

All panelists agreed that when it comes to cybersecurity, preparation is key. Make sure that an action plan is already prepared so that when an attack occurs, not if, you will be ready to handle it.