One Step Beyond Cyber
Welcome to One Step Beyond Cyber, the ultimate IT and cybersecurity podcast that's sure to keep you on the edge of your seat! Whether you're a tech guru or a total newbie, our hosts Scott Kreisberg, and Tim Derrickson will make sure you're entertained and educated every step of the way.
As technology advances, it can be challenging to keep up with the latest trends and developments. Don’t worry, our hosts are here to help! They will discuss real-world IT-related problems and solutions, as well as provide tips for simplifying tech.
Whether you're a business owner, IT professional, or someone interested in navigating the cyber world — this podcast is for you. We understand the challenges of managing technology, and we're here to help. Sit back, relax, and join us as we dive in, providing you with the knowledge and tools you need to succeed in this rapidly evolving field. Subscribe now and become a part of the One Step community!
Ep 8: How to deliver Omni’s Promise? Technology & Operations All Together
Welcome to One Step Beyond Cyber Podcast – where we dive deep into the dynamic world of data and its pivotal role in shaping the future of business. They say data is the new gold, and indeed, it's been argued that a business's data is even more valuable than the precious metal itself. Today, we embark on a journey to unravel the complexities surrounding technology, omnichannel experiences in retail, and the imperative task of safeguarding your invaluable business data.
In Episodes 6 and 7, we tackle the fundamental promise of omnichannel and dissect why physical stores play a crucial role in this interconnected landscape. We explore the triad of technical, operational, and security components that constitute the omnichannel framework.
Join us as we break down the technical intricacies – understanding what makes omnichannel a technological marvel and how it influences the overall retail experience.
Moving forward, we delve into the operational components of omnichannel. What strategies can businesses employ to seamlessly integrate and manage omnichannel operations, ensuring a cohesive and efficient customer journey?
One of the burning questions in everyone's mind is the cost, benefits, and risks associated with adopting omnichannel as a core business strategy. In this episode, we address these concerns head-on, providing insights into the multifaceted aspects of this strategic decision.
As we navigate the ever-evolving landscape of technology, we shine a light on the prevalent security risks businesses face today. How have these risks evolved over the years, and what proactive measures can organizations take to fortify their defenses?
And speaking of security, we zone in on PCI compliance – discussing crucial considerations from a business perspective. What are the key elements to keep in mind, and how does PCI compliance contribute to the overall security architecture of your business?
Join us on this enlightening journey, demystifying the world of omnichannel retail and helping you navigate the challenges while safeguarding your most precious asset – your data. Tune in, stay informed, and let's unravel the secrets of business in the digital age together!
Podcast video: One Step Secure IT - YouTube
Learn about our services https://www.onestepsecureit.com/
Hosted by:
Scott Kreisberg - CEO & Founder of One Step
Tim Derrickson - Sr. vCIO/vCSO, CISSP
Produced by Genesis Aquino
Music Production by Michael Stevens
----
LinkedIn:
https://www.linkedin.com/company/onestepsecureit/mycompany/
Facebook:
https://www.facebook.com/OneStepSecureIT
Twitter:
https://twitter.com/onestepsecureit
1
00:00:00,000 --> 00:00:03,840
Data is the new gold in business.
2
00:00:03,840 --> 00:00:09,360
In fact, it's been said that a business's data is worth more than gold.
3
00:00:09,360 --> 00:00:15,120
Now, we're here today to explore and unpack the challenges that arise with technology
4
00:00:15,120 --> 00:00:21,600
and try and deliver the omnichannel experience in retail while at the same time protecting your gold.
5
00:00:25,840 --> 00:00:31,360
I'm your host Scott Kreisberg and in this episode Kevin McAdden is going to be joining us
6
00:00:31,360 --> 00:00:36,400
to close out our retail series on the broken promises of the omni.
7
00:00:36,400 --> 00:00:41,360
Roman Satin is joining us as well as our resident PCI expert.
8
00:00:41,360 --> 00:00:46,240
And he's going to help clarify any questions we have about both technology and compliance.
9
00:00:46,240 --> 00:00:50,960
Now, if you haven't listened to episodes six and seven,
10
00:00:50,960 --> 00:00:54,160
you're going to be missing out on a lot of valuable information.
11
00:00:54,160 --> 00:00:58,160
So I really recommend that you go back and you check them out.
12
00:00:58,160 --> 00:01:01,600
And if you go to our website at onestepsecureit.com,
13
00:01:01,600 --> 00:01:05,600
they'll be there for you to listen to and enjoy.
14
00:01:05,600 --> 00:01:12,240
Now, before we dive in, Roman, I'm going to let you take the honors of telling our viewers
15
00:01:12,240 --> 00:01:13,280
what our disclaimer is.
16
00:01:13,280 --> 00:01:19,120
All right, well, speaking of gold, I just want you to know that the purpose of this golden podcast
17
00:01:19,120 --> 00:01:24,000
is to provide news and information on cybersecurity and technology law and regulations.
18
00:01:24,480 --> 00:01:30,320
And all data provided on this site is for informational purposes and should not be considered
19
00:01:30,320 --> 00:01:32,560
legal advice or legal tender.
20
00:01:32,560 --> 00:01:35,440
Wow, you almost sound like an attorney.
21
00:01:35,440 --> 00:01:36,960
That's great.
22
00:01:36,960 --> 00:01:37,920
Thank you, Roman.
23
00:01:37,920 --> 00:01:43,680
All right, today's episode, the focus is, is the risk worth the reward?
24
00:01:43,680 --> 00:01:50,000
So let's dive right into it and let's see if data is the new gold for businesses and why.
25
00:01:50,640 --> 00:01:57,120
Now, I'd like to start this episode off with what's the actual promise of Omni?
26
00:01:57,120 --> 00:02:02,400
And you know, are stores still important with this whole Omni thing?
27
00:02:02,400 --> 00:02:04,480
Kevin, I'm going to toss that over to you, buddy.
28
00:02:04,480 --> 00:02:06,720
Thanks, Scott.
29
00:02:06,720 --> 00:02:07,760
And thanks for having me again.
30
00:02:07,760 --> 00:02:13,360
Yes, I think stores are extremely important to Omni.
31
00:02:13,360 --> 00:02:19,440
I actually just spoke to a group of cutting-edge merchants about a month ago on the topic.
32
00:02:20,320 --> 00:02:25,520
And there's some recent information, even since the last time we spoke on this topic that came out
33
00:02:25,520 --> 00:02:32,000
that predicted, this is Forrester actually predicted that offline retail sales, meaning those not online.
34
00:02:32,000 --> 00:02:36,640
They're going to surpass 4 trillion by 2028.
35
00:02:36,640 --> 00:02:42,720
And that US offline sales will make up 72% of the retail market.
36
00:02:42,720 --> 00:02:47,360
So I think if anything that might reinforce what we've been talking about,
37
00:02:47,360 --> 00:02:53,040
that this last push into digital over the last several years while amazing and very innovative,
38
00:02:53,040 --> 00:02:57,840
also is leading back to a renaissance in the stores.
39
00:02:57,840 --> 00:03:00,800
And so I think Omni channels definitely worth it.
40
00:03:00,800 --> 00:03:04,960
This article happened to go on to talk about some of the challenges that these brands meet.
41
00:03:04,960 --> 00:03:07,600
And I know you'll probably ask a little bit more about that too.
42
00:03:07,600 --> 00:03:13,120
But to answer your question directly, I think clearly stores are big and Omni channel is big
43
00:03:13,120 --> 00:03:16,720
being able to serve online and offline customers.
44
00:03:16,720 --> 00:03:21,520
Awesome. Yeah, is that maybe chance you haven't got a best-of-growing number or is it less shrinking?
45
00:03:21,520 --> 00:03:24,480
71% is growing.
46
00:03:24,480 --> 00:03:27,680
Definitely, heavily growing.
47
00:03:27,680 --> 00:03:30,720
Yeah, especially after the last two, three years of COVID.
48
00:03:30,720 --> 00:03:34,880
But even before that, definitely growing over pre-COVID levels too.
49
00:03:34,880 --> 00:03:37,200
That's great. That's interesting. It's really interesting.
50
00:03:37,200 --> 00:03:42,480
It's great. I could say the shopping centers in my area, I mean I can't get a parking spot.
51
00:03:42,480 --> 00:03:44,960
So people are out shopping.
52
00:03:44,960 --> 00:03:46,400
All the way seasoned. So yeah.
53
00:03:46,400 --> 00:03:50,640
Well, the other interesting thing, this article talked about with regards to the physical stores is that
54
00:03:50,640 --> 00:03:56,960
what you're talking about there. But even Walmart CEO had been on record recently saying that his stores
55
00:03:56,960 --> 00:04:00,320
are key nodes in their Omni channel business.
56
00:04:00,320 --> 00:04:03,280
Meaning like, I mean, that's Walmart. So it's a different kind of retailer.
57
00:04:03,280 --> 00:04:08,640
But still, they've got distribution all over the country, all over the world.
58
00:04:08,640 --> 00:04:09,440
Absolutely.
59
00:04:09,440 --> 00:04:10,320
All right, cool.
60
00:04:10,320 --> 00:04:17,600
In a couple of the earlier episodes, you had mentioned that there are technical,
61
00:04:17,600 --> 00:04:24,400
operational, I believe you said security components to this Omni channel experience.
62
00:04:24,400 --> 00:04:26,080
Let's see if we can't break that down.
63
00:04:26,080 --> 00:04:33,040
What's the technical components, Roman, you're our resident compliance and technology person
64
00:04:33,040 --> 00:04:34,400
on this one? Why don't we start with you?
65
00:04:34,400 --> 00:04:36,160
Sure, sure, not a problem.
66
00:04:37,200 --> 00:04:43,520
Well, the biggest technical component I can tell you for all walks of retailers,
67
00:04:43,520 --> 00:04:47,520
retailers, Omni channel, everything is customer data, right?
68
00:04:47,520 --> 00:04:53,120
That is what all of the compliance, all the regulations and frameworks are looking to protect,
69
00:04:53,120 --> 00:04:58,160
which means all of these stores now have to take into consideration.
70
00:04:58,160 --> 00:05:00,720
Where do they store that data?
71
00:05:00,720 --> 00:05:03,680
You know, once upon a time, it was just in your point of sale system.
72
00:05:04,400 --> 00:05:08,960
And then, you know, if you had a retailer, it was just in the cloud somewhere, that
73
00:05:08,960 --> 00:05:10,880
nebulous word in the cloud we used.
74
00:05:10,880 --> 00:05:15,600
When you start marrying those together, you really start looking at a challenge.
75
00:05:15,600 --> 00:05:20,480
And I think Kevin's spoken about this before, if where, how do you cross that data?
76
00:05:20,480 --> 00:05:25,920
If I bought in your store, does that mean I can buy online with the same data and vice versa?
77
00:05:25,920 --> 00:05:32,800
So the technology aspect of it really is trying to find out, do you have an on-site database?
78
00:05:33,360 --> 00:05:35,040
Do you put that into the cloud?
79
00:05:35,040 --> 00:05:40,320
And not only do you have that type of hardware or software solution, you also look to,
80
00:05:40,320 --> 00:05:41,600
how can I secure that?
81
00:05:41,600 --> 00:05:45,600
So again, security methodologies now start putting into that, which
82
00:05:45,600 --> 00:05:47,920
in themselves is its own technology.
83
00:05:47,920 --> 00:05:52,320
So it's a fascinating thing that they have to do with our data.
84
00:05:52,320 --> 00:05:52,560
Yeah.
85
00:05:52,560 --> 00:05:55,840
So, yeah, there's a lot to think about there.
86
00:05:55,840 --> 00:06:03,280
And, um, probably should seek out some professional advice when, when thinking about this,
87
00:06:03,280 --> 00:06:06,080
um, yeah, so Kevin, do you have anything you want to add to that?
88
00:06:06,080 --> 00:06:07,840
Yeah, absolutely.
89
00:06:07,840 --> 00:06:13,520
Because I think that, you know, we talked about some of the technical and the operational
90
00:06:13,520 --> 00:06:19,760
challenges before and happy to dive into those again, but I think from a data perspective,
91
00:06:19,760 --> 00:06:21,600
data is the core of OmniChannel.
92
00:06:21,600 --> 00:06:25,120
And criminals are definitely taking advantage of it.
93
00:06:25,120 --> 00:06:31,040
Retailers have had a huge amount of cybercrime, small, medium business in general has,
94
00:06:31,040 --> 00:06:37,040
but retailers in particular, and I was reading a study recently about like where they were getting,
95
00:06:37,040 --> 00:06:41,520
and it was the, the majority was from exploited vulnerabilities, meaning some known
96
00:06:41,520 --> 00:06:43,280
vulnerability in some software.
97
00:06:43,280 --> 00:06:51,280
And retail was significantly higher, uh, risk of those attacks than kind of a cross-sector
98
00:06:51,280 --> 00:06:54,080
section of the rest of the average of businesses there.
99
00:06:54,080 --> 00:07:00,720
And when I dug a little deeper into it, 71% of the time in an attack that kind of outcome of
100
00:07:00,720 --> 00:07:06,320
the attack was that the data was encrypted because there's all this data, like Roman said,
101
00:07:06,320 --> 00:07:10,960
there's all this data, customer data, in particular, which there are so many states and,
102
00:07:10,960 --> 00:07:17,600
and not to mention federal and, you know, just best practices of not breaching customer data.
103
00:07:17,600 --> 00:07:22,240
I think something like over 80% of customers said they'd stop doing business with a brand
104
00:07:22,240 --> 00:07:23,520
that breached their data.
105
00:07:23,520 --> 00:07:25,600
So the criminals are getting it.
106
00:07:25,600 --> 00:07:28,640
They're, like, exploiting vulnerabilities, get their data,
107
00:07:29,360 --> 00:07:33,600
customers ain't having it. So yeah, that's a, it's a huge risk to it on top of the
108
00:07:33,600 --> 00:07:36,160
technological and, um, and operational.
109
00:07:36,160 --> 00:07:39,040
So there's this benefit, absolutely that we just talked about,
110
00:07:39,040 --> 00:07:44,800
but there's also a, a, a risk that has to be adjudicated as you go into the omnichannel world.
111
00:07:44,800 --> 00:07:48,320
Interesting. All right. Yeah, you just mentioned, um, operational components,
112
00:07:48,320 --> 00:07:51,680
there. Any in particular you want to discuss there?
113
00:07:51,680 --> 00:07:57,040
Yeah, I think, you know, a lot of times people just think this is a systems issue or, or just
114
00:07:57,040 --> 00:08:02,240
don't think about it at all, but, um, that, uh, they just like, oh, turn that button on the website,
115
00:08:02,240 --> 00:08:08,400
right? I mean, that happens more than more than we would all like to know, but like, um,
116
00:08:08,400 --> 00:08:15,120
you know, by nature, different aspects of a retailer's business are siloed, not just technologically
117
00:08:15,120 --> 00:08:21,360
siloed, although they are, but even operational, they're siloed. The way, um, online merchants,
118
00:08:21,360 --> 00:08:28,480
digital merchants think about retail is different than those that work in stores, um, or those
119
00:08:28,480 --> 00:08:32,720
that work in the warehouse, they just think about things differently, though, they're not the same team,
120
00:08:32,720 --> 00:08:39,040
they're different teams. Operationally, they are by nature, they're siloed. And so you'll have like,
121
00:08:39,040 --> 00:08:44,480
systems show this up and we talked about this before that you'll have certain technologies that
122
00:08:44,480 --> 00:08:49,200
evolved as an online technology, and then they go and they say, oh, yeah, you can open up a
123
00:08:49,200 --> 00:08:54,240
store with POS, but then they don't think of inventory as a thing that exists in
124
00:08:54,240 --> 00:08:58,880
physically different places. And how do you get the order to those places? Because,
125
00:08:58,880 --> 00:09:03,600
to an online merchant, inventory is inventory. I got a hundred of them. I'm going to sell them,
126
00:09:03,600 --> 00:09:09,120
but if those hundred are split out amongst 16 stores, well, how you gonna fulfill them is very
127
00:09:09,120 --> 00:09:14,240
different. So I think that's high level, but it speaks to the kind of the technological challenges,
128
00:09:14,240 --> 00:09:20,080
but also the operational challenges. It takes a cohesive kind of melding of the teams to make sure
129
00:09:20,080 --> 00:09:24,080
that even the teams themselves are thinking about these things differently and what decisions they
130
00:09:24,080 --> 00:09:31,600
make have ramifications downstream or upstream throughout the organization. Yeah, um, yeah, yeah.
131
00:09:31,600 --> 00:09:37,040
I'd like to jump in for a second because it's, uh, it's interesting, Kevin, that you used 'silo'. I was
132
00:09:37,040 --> 00:09:42,720
recently at a cybersecurity summit in Scottsdale, and we were talking about just that to where
133
00:09:43,360 --> 00:09:48,720
you have, um, people doing inventory and receiving. You have salespeople, you have, uh,
134
00:09:48,720 --> 00:09:54,320
middle management. We have all these different silos that are doing their jobs, right? So they're doing
135
00:09:54,320 --> 00:09:59,280
their job. Yeah. And then as an upper management looks at it and says, great, everything's doing their
136
00:09:59,280 --> 00:10:07,200
job, but they don't see the gaps in between the silos. So it starts putting together a, um,
137
00:10:07,200 --> 00:10:12,800
a point of view that you need from somebody coming outside to look at your organization,
138
00:10:12,800 --> 00:10:18,960
to make sure that you are doing that crosswalking of silos to where those gaps aren't getting wider,
139
00:10:18,960 --> 00:10:24,560
even though they're doing their jobs. There might be some sort of security there or something that needs
140
00:10:24,560 --> 00:10:31,040
to happen in between there to make that customer data a little safer, um, to educate the staff.
141
00:10:31,040 --> 00:10:36,160
And that speaks to a lot of, uh, culture of, uh, of the company, which usually comes from the top
142
00:10:36,160 --> 00:10:42,880
down. It does. It has to come back to top-down culture and testing. Test, test, test, test,
143
00:10:42,880 --> 00:10:52,480
test these things. Absolutely. And back up, back up, back up, back up. Uh, well, this episode is,
144
00:10:52,480 --> 00:10:59,760
you know, very, uh, centered around the cost, uh, and the benefit of this technology, um,
145
00:11:00,480 --> 00:11:07,760
with regards to what risks you guys have been, uh, talking about. And so, um, what would you say,
146
00:11:07,760 --> 00:11:17,520
the cost, uh, benefit against the risk, uh, for opting to do, uh, OmniChannel as one, uh,
147
00:11:17,520 --> 00:11:22,240
considers these options. I think the, God, you, you first on this one,
148
00:11:22,240 --> 00:11:30,320
Roman, go ahead. Okay. Yeah. Cause I honestly, I think the, the cost benefit is totally outweigh, um,
149
00:11:30,320 --> 00:11:36,080
having on the, on the, on the cost side versus what you're risking. I mean, um, with certain compliance,
150
00:11:36,080 --> 00:11:42,960
I've seen people, uh, companies that are obviously getting sued. I've seen, uh, owners take personal
151
00:11:42,960 --> 00:11:47,760
liability because they didn't follow certain frameworks. We see this in the news every day.
152
00:11:47,760 --> 00:11:54,160
So having your cost of, say, storage space in the cloud or whether it's on premises, um, cost of
153
00:11:54,160 --> 00:11:59,680
security, getting somebody that knows what the frameworks are. They know how to implement solutions
154
00:11:59,680 --> 00:12:07,520
and they can work with the team of technology people, engineers to secure you is far gonna outweigh,
155
00:12:07,520 --> 00:12:13,120
the, you know, um, then getting breached, getting your name in public. Because it's hard to come
156
00:12:13,120 --> 00:12:18,800
back from that. I mean, Kevin already, uh, told us and, you know, that people will stop shopping with you
157
00:12:18,800 --> 00:12:24,240
if there's a breach and their information's out there. So realistically, just get, get a partner
158
00:12:24,240 --> 00:12:29,360
that can help you define what you need that's right for your organization. And I think the costs
159
00:12:29,360 --> 00:12:34,800
are pennies on the dollar. So you're saying, do it right, but it's well worth it. Absolutely.
160
00:12:34,800 --> 00:12:40,160
All right. Cool. I was going to say something similar. Scott. Yeah. I mean, I would say the, the,
161
00:12:40,160 --> 00:12:46,160
the benefits are clear. Um, the, the brands that are doing it right are excelling. They, they really
162
00:12:46,160 --> 00:12:52,400
are. They are, they are excelling. The market is growing like crazy. Um, and it's, it's honestly,
163
00:12:52,400 --> 00:12:57,280
it's a very achievable thing, but it does, to your point and to Roman's point, it takes a thoughtful
164
00:12:57,280 --> 00:13:03,200
approach and it takes, um, you know, uh, uh, a company wide, like a cultural thing, or you're, we're
165
00:13:03,200 --> 00:13:10,000
going to be omnichannel. And, um, a sloppy approach can definitely lead, lead, lead to trouble. Um,
166
00:13:10,000 --> 00:13:14,320
that, that article, the, the, the forced reminds me about talked about brands that were online that
167
00:13:14,320 --> 00:13:20,560
moved into retail, but, but didn't like fill those gaps to, to your point, Roman, and they struggled.
168
00:13:20,560 --> 00:13:23,840
And, and there is definitely some bankruptcies that have gone through out there. And I think we
169
00:13:23,840 --> 00:13:28,560
talked about a, uh, retailer that I worked with personally that I saw that just kept throwing people
170
00:13:28,560 --> 00:13:33,040
at the problem instead of fixing the technology. And at some point, that's a lot more expensive
171
00:13:33,040 --> 00:13:38,720
than fixing the technology. So are there risks? Yes. And are there challenges? Yes. But they're
172
00:13:38,720 --> 00:13:43,520
overcomeable with the right expertise and, and man, those brands that are, that are growing,
173
00:13:43,520 --> 00:13:49,040
you're seeing multiples and multiples of growth, uh, as a result. Correct. All right. So risk
174
00:13:49,040 --> 00:13:55,120
and reward. So risk is there, but, but if it's, it's done properly. Then that risk is down here,
175
00:13:55,120 --> 00:14:03,760
and the reward is, is, is much higher. Um, let me ask you guys a question. Um, there are, uh,
176
00:14:03,760 --> 00:14:08,560
you know, security risks with any technology. And, um, what, what, what, what, what are some of the
177
00:14:08,560 --> 00:14:14,000
security risks that people are facing today retailers are having to deal with today? And, um,
178
00:14:14,000 --> 00:14:19,120
how are they evolving? You know, are they, are they getting, you know, more challenging for them?
179
00:14:19,120 --> 00:14:22,800
Are they be getting, are they getting easier for them to handle? Like tell us a little bit about
180
00:14:22,800 --> 00:14:30,000
that. Kevin, you had the mic, so why don't you tell us? Sure. I think, um, the specific challenge that
181
00:14:30,000 --> 00:14:36,240
I think a lot of, um, a lot of the small, medium businesses in general are facing and a lot of
182
00:14:36,240 --> 00:14:43,680
retailers in particular are the complexity of, of, of technology that doesn't seem complex yet.
183
00:14:43,680 --> 00:14:48,960
It really is. Um, online is a great example, like to actually run an effective e-commerce site.
184
00:14:48,960 --> 00:14:54,800
It's not just one piece of software. It's dozens of pieces of software that are all working together.
185
00:14:54,800 --> 00:15:00,160
Like, um, we go online and we turn this app, I, I, I joked about earlier, check this box, check that box.
186
00:15:00,160 --> 00:15:04,720
It really is that easy on an online site to go, oh, plug this partner in, plug that partner in,
187
00:15:04,720 --> 00:15:11,680
and they literally have dozens of third-party apps that make the experience for us as a consumer
188
00:15:11,680 --> 00:15:17,680
what it is. But the challenge with that is that the, the, the, the bad actors, the hackers, the
189
00:15:17,680 --> 00:15:23,120
criminals, they're now starting to realize that each one of those represents potential vulnerabilities
190
00:15:23,120 --> 00:15:28,480
to exploit. And so it's not just, oh, I got to attack their website. It's, no, it is like two
191
00:15:28,480 --> 00:15:33,200
dozen ways in. I just got to figure out the one. And I think to that point, that's why some of
192
00:15:33,200 --> 00:15:39,680
the regulations are changing, like PCI V4 is saying, okay, those apps that you use on your website,
193
00:15:39,680 --> 00:15:44,720
that your clients shop on their computers with, it's now your responsibility to make sure that
194
00:15:44,720 --> 00:15:49,920
they're cataloged, they're updated, you keep it secure, you're patching when you're supposed to patch.
195
00:15:49,920 --> 00:15:54,160
And this, you could directly correlate this to the statistics we talked about earlier. 41% of the
196
00:15:54,160 --> 00:15:58,960
breaches at retail experience are because of an exploited vulnerability. Why? Because there's dozens of
197
00:15:58,960 --> 00:16:03,680
potential vulnerabilities on systems out there. So I think that's where the regulation is going,
198
00:16:03,680 --> 00:16:08,720
and that's why it's going there is because of that vulnerability. I, I see it, I see it a lot,
199
00:16:08,720 --> 00:16:13,520
um, as Scott mentioned. I do a lot of the compliance, uh, here for one step. And,
200
00:16:14,480 --> 00:16:20,080
time and time again, it, it, it's small little things that Kevin said that, that don't seem complex,
201
00:16:20,080 --> 00:16:25,920
that that will get you, uh, for example, the spear phishing and really just phishing in general. It's
202
00:16:25,920 --> 00:16:31,440
what's going to take most people down, because it only takes one email, click, and then, you know,
203
00:16:31,440 --> 00:16:35,200
your system's compromised. Now, hopefully you've had a security professional in there. You've
204
00:16:35,200 --> 00:16:40,080
had somebody look at your technology and see what you need. But as we see time and time again,
205
00:16:40,080 --> 00:16:46,480
it is just those little bits that we take for granted. I'm leaving out of town. I don't have time to
206
00:16:46,480 --> 00:16:51,840
look at this. I'm going to click there and then that's going to get you. Kevin earlier mentioned the
207
00:16:51,840 --> 00:16:57,040
millions of dollars that are going to flow through retail. Um, but one of the things he, he may not know,
208
00:16:57,040 --> 00:17:04,720
because I look at more criminal stats is, um, business email compromise is a billion dollar industry.
209
00:17:05,280 --> 00:17:11,680
And that should be scary. That should be scary to people because, um, it, it's real. Now, how do we do
210
00:17:11,680 --> 00:17:17,440
that with the PCI as Kevin mentioned, the frameworks are changing with PCI 4, um, they're kind of
211
00:17:17,440 --> 00:17:23,200
spreading the risk liability from credit cards to retailers and vendors, but it's nice because now
212
00:17:23,200 --> 00:17:28,800
there's a vendor management program set up to where, as Kevin mentioned, all 12 of those plugins,
213
00:17:29,440 --> 00:17:35,520
you can reach out to them and have them give you their security certificates. Um, you do have to do
214
00:17:35,520 --> 00:17:40,960
ongoing security training for your staff that once, you know, yes, those were in there, but they're not
215
00:17:40,960 --> 00:17:45,840
being, uh, enforced. Now we're going to see a lot more enforcement of some of these things that are
216
00:17:45,840 --> 00:17:49,840
going to make everybody safer at the end of it. I think we're all going to be better for it.
217
00:17:49,840 --> 00:17:56,480
I think, um, the prevailing attitude is that if I, if I get a technology that someone else is,
218
00:17:56,480 --> 00:18:01,520
is doing the security, that's been the prevailing attitude that I've seen with retail in particular,
219
00:18:01,520 --> 00:18:05,680
is that, oh, that's somebody else's thing. I'm, I'm just going to assume that they're, they're doing it.
220
00:18:05,680 --> 00:18:12,720
Right. And, um, you know, I learned from you, Scott, uh, that we need to trust, but verify that
221
00:18:12,720 --> 00:18:18,560
people are taking security measures because at the end of the day, if a breach occurs, we can blame
222
00:18:18,560 --> 00:18:23,360
anybody we want, but, but if it's our business and our customer data, then we're the one that's left
223
00:18:23,360 --> 00:18:28,560
told me. So I really think that approach is just so important to, to take.
224
00:18:28,560 --> 00:18:34,880
So the ostrich with the head in the sand isn't going to go, you know, yeah, we're just looking
225
00:18:34,880 --> 00:18:42,000
over our shoulders. Somebody's doing that, right? That's, yeah. All right. So I think we're getting
226
00:18:42,000 --> 00:18:47,920
pretty far in this episode, but, you know, PCI is, you know, it's been around for, but well over a decade
227
00:18:47,920 --> 00:18:53,440
now, I think we're up to version 4, um, you know, this one's going to be for real, right?
228
00:18:53,440 --> 00:19:02,160
I know the stakes are getting bigger and retailers are starting to wake up to this whole concept,
229
00:19:02,160 --> 00:19:08,000
a bit more than what you're talking about, Kevin, where, well, it's, the software I'm using is
230
00:19:08,000 --> 00:19:13,520
supposed to be PCI compliant, it's somebody else's problem. Thank you for lining more. So, you know,
231
00:19:13,520 --> 00:19:18,960
Roman, what, what do you have to tell us about like the security that we need to worry about or consider
232
00:19:18,960 --> 00:19:25,920
with regards to this current version of PCI? Um, you know, I think I've mentioned this once before,
233
00:19:25,920 --> 00:19:32,560
but plan your work and work your plan. I mean, it's, it's on the business at it and we're done.
234
00:19:32,560 --> 00:19:40,880
No, but it does ring true because on these new requirements, you do have training that you have to
235
00:19:40,880 --> 00:19:45,840
do annually and it has to be acknowledged. So it's not something that you can just pencil whip,
236
00:19:45,840 --> 00:19:49,680
you know, and say, yeah, we've done it and you literally need people to acknowledge that they've
237
00:19:49,680 --> 00:19:56,960
done training before. Um, and that goes far reaching into the system. You do have, uh, backup,
238
00:19:56,960 --> 00:20:03,760
continuity and disaster, you have risk assessments, you have, um, incident response plans, all of these
239
00:20:03,760 --> 00:20:13,120
now have to be done and, uh, on paper written down. Shocker. Oh, I know it's, it's actually,
240
00:20:13,120 --> 00:20:20,000
that is probably one of the biggest pieces of the puzzle for businesses. Um, everybody has an idea
241
00:20:20,000 --> 00:20:25,440
of what they're, what they're going to do if X happens. We'll do Y. That's fine. Um, but it's not
242
00:20:25,440 --> 00:20:31,760
written down. So that means if the person that's responsible for it is on vacation in Aruba and you
243
00:20:31,760 --> 00:20:38,400
just can't reach them, nobody will know what to do. So write it down, make a plan and practice. And
244
00:20:38,400 --> 00:20:43,040
that's what I mean by work your plan. Practice. Just see what happens if, you know, somebody calls up and
245
00:20:43,040 --> 00:20:50,080
says, Hey, it's got the servers. You're down. What do we do? Right? And you have a, you have a plan that
246
00:20:50,080 --> 00:20:55,600
you've already put into place. You know where to find it. That's a big key. And you basically go step
247
00:20:55,600 --> 00:21:00,640
one, two, three, four and practice. So I would say that that's one of the biggest things that this
248
00:21:00,640 --> 00:21:05,920
PCI is really pushing forward that. And then as a center of the vendor management. So that you can't,
249
00:21:05,920 --> 00:21:10,960
you know, that we can't blame somebody else. You have to have something that says, no, I've talked
250
00:21:10,960 --> 00:21:15,360
in them. They said that they were secure. They gave me the certificate. And now your liability is,
251
00:21:15,360 --> 00:21:20,320
you know, transferred. And that's that's kind of what you do with the risk, right? Transfer it.
252
00:21:20,320 --> 00:21:26,000
Roman, I was reading something about PCI. I wanted to ask you about since you're the, the expert on it,
253
00:21:26,000 --> 00:21:30,720
the, you know, the prevailing thought amongst brick and mortar retailers was always, oh, well, my credit
254
00:21:30,720 --> 00:21:35,680
card company's doing that. And as long as they say they're, they're PCI on PCI. And I think online
255
00:21:35,680 --> 00:21:42,480
merchants is the same thing. Oh, well, I, I work with whoever, whatever payment portal I work with.
256
00:21:42,480 --> 00:21:48,080
But I was reading and maybe you can confirm this that that one of the things is changing now is that
257
00:21:48,080 --> 00:21:53,440
when the payment card provider says they're secure, all they're saying is that their device is secure.
258
00:21:53,440 --> 00:21:57,760
They're no longer saying that the retailer is, oh, yeah, you're, you're PCI compliant. They're just
259
00:21:57,760 --> 00:22:02,480
saying, I don't know, we are not necessarily your organization is as a retailer. Is that right?
260
00:22:02,480 --> 00:22:09,520
You, you have that absolutely correct. And I, you know, I can change, right? That's a,
261
00:22:09,520 --> 00:22:15,440
that's a change of this new one, isn't it? Yes, and no, depending on what, so there's multiple
262
00:22:15,440 --> 00:22:21,280
avenues in which you can take payment as we all know. I've got a credit card device. I write it down.
263
00:22:21,280 --> 00:22:26,560
I take it over the phone, right, in person. So there's all these different methodologies and
264
00:22:26,560 --> 00:22:31,920
the credit card companies understand that so that they make different rules for different
265
00:22:31,920 --> 00:22:41,840
ways of ending, right? But to your point of when the processor is doing their assessment of your system,
266
00:22:41,840 --> 00:22:48,640
they're looking at it from outside in and they're only saying as you said, my device is PCI compliant.
267
00:22:49,280 --> 00:22:54,800
Because PCI compliant goes to segment of networks. If you've ever made a purchase over the phone and
268
00:22:54,800 --> 00:23:01,120
you heard, we are recording this call for quality assurance. Well, now if you have to give them your
269
00:23:01,120 --> 00:23:08,720
credit card number to buy something, their phone system is actually in scope for PCI. Have they
270
00:23:08,720 --> 00:23:15,280
secured it? Have they secured that recording? We don't know, right? So it's a broader conversation
271
00:23:15,280 --> 00:23:20,160
where once people thought, oh yeah, I just, you know, take a card. It's fine. Well, have you written it down?
272
00:23:20,160 --> 00:23:29,120
Do you destroy that stuff afterwards? And so it's a pretty unique scenario that the credit card
273
00:23:29,120 --> 00:23:35,680
industry PCI industry has pushed back onto us because we start looking at things a little bit
274
00:23:35,680 --> 00:23:41,280
outside of the box and what we used to. So, right. Again, get a professional to help you look at it.
275
00:23:41,280 --> 00:23:47,040
I laugh because earlier, I mean, literally today I've talked to three people specifically about this
276
00:23:47,040 --> 00:23:51,280
when their processor said that they were self-assessed questionnaire,
277
00:23:51,280 --> 00:23:57,760
SAQ is acronym X. And I started asking them questions and I said, you are outside of that scope right
278
00:23:57,760 --> 00:24:05,760
now just by that question. And they're like, really? Like, yeah, they didn't know. It's their ownership
279
00:24:05,760 --> 00:24:11,600
to know, but it's not their job to know. All right, guys. Hey, Robin and Kevin, thank you so much for
280
00:24:11,600 --> 00:24:17,680
your time today. This is extremely interesting. I hope you guys all found this episode interesting and
281
00:24:17,680 --> 00:24:26,560
valuable. So we discussed just how valuable your company's data is in today's world. We discussed
282
00:24:26,560 --> 00:24:34,480
the challenges of securing it and all that goes with that. So your data is worth more than gold.
283
00:24:35,200 --> 00:24:42,800
And the risk versus the reward of going omnichannel is there. So just get the professional help,
284
00:24:42,800 --> 00:24:48,080
know what you need to do and do it properly and then take advantage of what the
285
00:24:48,080 --> 00:24:55,520
those retailers that are doing this now are getting. So I know how much effort it takes to build
286
00:24:55,520 --> 00:25:02,400
valuable data and I hope you guys got some ideas on how to protect it today. So remember,
287
00:25:03,440 --> 00:25:08,720
we stand ready to help you. Just give us a call and let us know if you need any help until next time.
288
00:25:08,720 --> 00:25:12,560
Have a great week and remember to stay safe.