As the reliance on digital infrastructure to provide collective resilience increases, it makes sense that the importance we place on cyber security should follow suit. Various factors — consumer demand, increased competition, etc., — are pressuring many organizations to run before they can walk when it comes to their digital efforts, meaning cyber security continues to be a real challenge. Here are 4 reasons why companies today should be focusing on cyber security more than ever:

1. The constant introduction of new technologies
   Organizations must adapt to new operational security concepts in order to develop sustainable cyber security survival strategies.
2. Increased consumer demand for digital services
   A prime example is COVID-19 and how it served to accelerate the shift to online grocery shopping. As the number of digital services an organization offers increases, so should the focus on cyber security.
3. Customers demand better security
   According to a recent survey by Arcserve, 70% of customers say businesses are not doing enough to safeguard cyber security, and nearly two-thirds of consumers would avoid doing business with a company that has suffered a cyberattack in the previous year.
4. The increase in remote working
   Statistics show that 47% of all individuals fall for phishing scams while at work and 57% of workers claim they are more distracted when working remotely. Cyber attackers even use the pandemic as an opportunity to leverage the curiosity of remote employees in coronavirus-related news. This is illustrated in the graph below which shows a surge in the number of social engineering attacks such as phishing sites (as opposed to websites spreading malware).

On top of all that, speaking for ourselves at Picnic, our rapid growth requires constant vigilance when it comes to cyber security. From our emergence as a trendy e-commerce grocery provider in the Netherlands to our expansion across multiple countries, out success is likely to draw increased attention from malicious actors — it's almost like an advertisement for hackers. 

Security awareness workshops

We run regular security awareness workshops for all our teams. This enables teams to analyze their security efficiency, awareness level, risk level, loss possibility, GDPR violation awareness, and more. We find the workshops result in improved self-awareness, overall security-thinking, and even teamwork. They help our teams hone their security instincts and understand the potential consequences of seemingly isolated security flaws. They also regularly lead to the discovery of new security topics which may have otherwise slipped under the radar.

The workshops almost always generate tons of great questions (and answers) concerning security issues, real-life examples, and ideas for incidents that may potentially occur. The great thing is that, even after the workshops have ended, the questions and ideas continue. Employees are empowered to ask for regular security penetration checks on their systems, demonstrating their awareness of the risks and solutions. This, in turn, increases security awareness maturity across teams.

It all makes for well-designed threat modeling, beginning with awareness and progressing towards successful team collaboration. Penetration testing, architecture reviews, and secure development during the design phase are all part of the ongoing workflow. This creates continuous communication regarding the cyber security mindset, which is invaluable as Picnic continues to grow.

Embracing and Sharing a Future Security Mindset

While we strive to improve our security collaboration between different teams every day, that doesn’t mean there aren’t challenges. Our teams are already incredibly busy — developers, for example, manage several duties including maintenance, planning, and feature development. Can we really expect our teams to add security awareness to their ever-growing to-do lists? The answer is, of course, yes! But it means it really does have to be a team effort, with every single Picnic employee doing their part.

When we talk about the security culture within an organization, we’re talking about everything from employees leaving their laptops or phones unattended to clicking on a dubious link in an email. This is why every employee is responsible for the security culture, and why we use a variety of learning methodologies to help ensure our teams have access to the most up-to-date information, helping us to ultimately lower the risks associated with cyberattacks.

It’s also important to realize that security awareness training isn’t simply about keeping employees safe at work. The goal is to foster a security culture that extends beyond the workplace and helps keep our employees safe from cyberattacks even in their personal lives — remember, hackers aren’t like Dolly Parton; they don’t work 9 to 5!

Preparation is the key to success

The past couple of years have shown us that preparation is the key to successfully limiting the risks associated with cyberattacks. Having the ability to respond quickly to unforeseen incidents helps reduce their impact and even prevent them. We’re already reaping the rewards of security awareness training, with the improved security mindset among our teams ensuring we’re well prepared for the ever-increasing risks.

Above all, the current circumstances provide opportunities for comprehensive innovation, a major shift in perspective, and the adoption of safe and flexible operating procedures.

Got a question for our security engineers? Our awesome colleagues, Ihab and Tejkar, are more than happy to help:

https://www.linkedin.com/in/ihabhajj/
https://www.linkedin.com/in/tejkar-reddy/

At Picnic, we do almost everything in house. Want to help us revolutionize grocery shopping? Come join our team.