How well prepared is the German retail landscape for these threats when it comes to cyber security?
Linke: From my own experience, I would say that many companies are not well positioned in terms of cybersecurity, they tend to treat the topic rather neglectfully. Often, someone from the IT department or an IT service provider takes over on the side. However, there is no one who is officially responsible, has the necessary qualifications or has a real overview. The BSI also confirms that small and medium-sized enterprises in particular are often poorly positioned.
In my experience, one of the reasons for this is that companies consider themselves too small or too unimportant to be attractive to attackers. But these companies fail to recognize how cyber attacks work today: Attackers are not specifically looking for large, valuable companies or data, but for vulnerabilities in general.
Another decisive factor is that cybersecurity is not part of the retailer's core business, which means that business processes such as purchasing, sales and financial transactions take priority. Cybersecurity is often seen as an additional cost without a direct return on security investment. However, it is a way of preparing for an increasingly probable emergency.
In addition, important systems such as web stores, ERP systems, cash register systems or payment terminals are generally not designed to be redundant. This means that an attack can paralyze the entire business.
And finally, there are many evolved IT landscapes in the retail sector, with companies often operating a mix of old legacy systems and newer cloud services. Securing this diversity is a real challenge.