How restaurants can better manage cyber risk in the extended enterprise
Turning the tables on cyberattacks
The risk of cyberattacks and security breaches is a critical concern for restaurant executives. It’s also a heightened area of focus for boards. How can executives help their companies better anticipate and manage cyber risks? Our latest report takes a closer look.
Evolution of the restaurant extended enterprise
Restaurants are implementing innovative technologies and adjusting their business models to enhance the customer experience, strengthen sales and margins, and improve operational efficiency. Some of these innovations involve technology enhancements to point-of-sale (POS) systems, new cloud-based technologies, and an ever-increasing number of third parties that interact with customers. New business relationships and processes can create security gaps, alter access to sensitive data, or cause shifts in cyber risk liability exposures.
Customer experience–access in a digital environment
The days of calling a restaurant for reservations may soon be over. Customers now have real-time visibility into table availability and can book a reservation with one click on their mobile devices. Restaurants are heavily dependent on reservation apps to remain front and center with customers and satisfy a key logistical need—increasing traffic and managing table-turns.
Additionally, the on-demand nature of customer preferences has given rise to new services, such as food delivery, that were previously limited to specific niche segments of the market. In many cases, restaurant reservation and delivery platforms are not integrated with a company’s point-of-sale system. Restaurants access data through companies that provide these platforms and may not have knowledge of how their data is securely stored, segregated, and transmitted.
These third parties also may be sharing or storing your sensitive data with other third parties unbeknownst to you, which creates new vulnerabilities and entry points for cyberattacks and requires greater vigilance to protect key customer data.
The payment processing industry is continuously evolving with consumers demanding more convenient and flexible options. This shift incorporates an innovation-driven ecosystem consisting of processing terminals, new mobile technology, and credit card companies. Each generation of payment technology—from the traditional magnetic stripe cards, to chip cards, to various derivations of mobile contactless methods—has provided significant business benefits. But it also introduces new cyber risks.
Europay, MasterCard, and Visa (EMV) cards are viewed as a step to decrease credit card fraud. The ability to accept EMV cards, however, does not come cheaply, as it requires new terminals capable of reading the embedded chips. But restaurants must also consider the cyber risks of not upgrading.
Much like the EMV standard, innovations in payment technologies should be viewed as another step along the payment security infrastructure. Therefore, strengthening resiliency to cyber breaches associated with new payment technologies can be essential to business continuity.
Putting it all together
Recent cyberattacks suggest that restaurants may be prime targets for criminals and others looking to cause irreparable damage to companies through the exploitation of sensitive data. The use of new technologies, and the fact that restaurant companies process millions of credit card transactions annually, increases susceptibility. The core issue is that a greater number of third parties are handling an increasing amount of sensitive data. Recent high-profile cyber breaches only highlight the urgency for restaurant companies to contend with cyber risks to protect their customers, brand, and operations.
How, then, can restaurants turn the tables on cyber risk? By expanding their cybersecurity programs to also detect unauthorized activity and respond effectively when incidents occur. Rather than focus solely on security, restaurants should develop strategies for becoming Secure.Vigilant.Resilient.™
Putting Secure.Vigilant.Resilient.™ on the menu
Secure.Vigilant.Resilient. is Deloitte’s three-course approach to controlling cyber risk. Companies should build a core security foundation by establishing controls and processes around their most sensitive assets, including staying current with technology vendor patch updates.
With respect to being vigilant, companies must maintain awareness of how threats are evolving and be able to detect malicious or unauthorized activities. To that end, many organizations are making use of Security Information and Event Management (SIEM) technologies to provide insights on threat activity and support monitoring and advanced detection capabilities that focus on critical business processes.
Being resilient is the ability to return to normal operations quickly to reduce the impact of cyberattacks and breaches. This means having the capacity to rapidly analyze situations; execute business continuity and recovery plans; and interact effectively with customers, media, legal counsel, law enforcement, and industry peers. Leadership must be equipped to take quick and decisive action, even when faced with an incident it may not be fully prepared for.