PYMNTS-MonitorEdge-May-2024

Grocery Giant Ahold Delhaize’s Cyber Incident Signals Wider Digital Achilles’ Heel

cybersecurity

Digital infrastructures now sit at the heart of almost every business operation. While this interconnectedness has introduced efficiencies, it has also created new vulnerabilities.

A cybersecurity issue led to outages this month across swatches of grocery giant Ahold Delhaize’s 2,000 U.S. stores, leading to some pharmacy and eCommerce systems being pulled offline.

The grocery sector has undergone a digital transformation, integrating everything from self-checkout kiosks to eCommerce platforms and mobile apps. With these innovations come expanded attack surfaces, and in the case of Ahold Delhaize, known in the United States for its brands Food Lion, The Giant Company, Giant Food, Hannaford and Stop & Shop, the potential for damaging operational disruptions.

Ahold Delhaize released no additional statements about the cybersecurity issue beyond a Friday press release, a company spokesperson told PYMNTS.

However, the outage underscores a question that lingers over nearly every sector in today’s digital economy: Are companies prepared for evolving cyber threats?

Read also: AT&T Hacker Arrested: How the Cybersecurity Landscape Evolved Post-Snowflake Breach

Retail’s Digitization: A Double-Edged Sword

The retail industry operates on thin margins and high customer expectations, and cyber setbacks underscore the fragile balance that companies must strike between customer convenience and cybersecurity.

PYMNTS Intelligence found that grocery buyers tend to show more affinity toward merchants than products, with 53% saying that they are more loyal to merchants than products, and 35% expressing more loyalty to products than merchants. However, that loyalty can waver when businesses suffer cyber breaches.

With cyberattacks now possible at a scale many businesses may not be equipped to address, companies must prioritize security from the top down. A robust cybersecurity strategy involves continual training, layered security protocols, and an incident response plan that is regularly tested.

“The barrier for entry has never been lower for threat actors,” Discover Global Network Chief Information Security Officer Sunil Mallik told PYMNTS in July.

In an age where a click or a tap makes the difference between gaining and losing a sale, cybersecurity is a defining factor in how customers perceive and trust a brand. Retailers must view cybersecurity as a continuous journey, requiring investment in artificial intelligence-driven fraud detection and partnerships with cybersecurity experts who can provide updates, insights and rapid responses when incidents occur.

Ultimately, successful perimeter defense isn’t just about the tech; it’s about the ongoing commitment. Cyber threats are evolving as quickly as the tools used to combat them.

“You may not have realized it yet, but they’re going to hit you,” Amount Director of Product Management Garrett Laird told PYMNTS in August, adding, “the fraudsters are jerks — and they like to hit you on holidays and on weekends, at two in the morning.”

See also: CFOs Suit Up for Cyberwar as Risk Management Evolves

Financial Services: Setting the Bar for Resilience

Among the sectors that have taken heed of cybersecurity challenges, due in part to regulatory pressure and the high stakes involved, financial services stand out. Financial institutions are well-acquainted with cyber threats and regulatory oversight, which pushed the sector to prioritize resilience, establish multilayered defenses and conduct regular stress tests. Many banks now have dedicated incident response teams that operate 24/7.

Even with these safeguards, however, no sector is invulnerable.

In separate interviews for the “What’s Next in Payments” series, a panel of executives explained to PYMNTS that a multilayered security strategy, also known as defense in depth, reduces risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.

The Clearing House Chief Information Security Officer David Drossman described it to PYMNTS in August as building a “labyrinth of control” to offset the damage, even if one layer fails.

Among firms experiencing high uncertainty, 62% of heads of payment reported frequently delaying or canceling new projects to manage fraud risk, according to PYMNTS Intelligence.

“We’ve needed to rethink, from the ground up, how we architect security,” Mastercard Chief Product Officer Jorn Lambert told PYMNTS TV in October.

PYMNTS-MonitorEdge-May-2024