Welcome to the latest episode of the Emerging Cyber Risk podcast, brought to you by Ignyte and Secure Robotics. We are your hosts, Max Aulakh and Joel Yonts, and in this episode, we have a special guest joining us: Ganjar Imansantosa, VP and CISO at Tropical Smoothie Cafe, a nationally franchised quick-service restaurant. With over 25 years of experience in information security leadership, Ganjar brings valuable insights into navigating cybersecurity challenges in retail space.
Get to Know Your Hosts and Guest
Let’s take a moment to introduce our hosts. Max Aulakh is the CEO of Ignyte Assurance Platform, where he specializes in delivering DoD-tested security strategies and compliance for mission-critical IT operations. Joel Yonts, on the other hand, is the CEO and Research Scientist at Secure Robotics, with a wealth of experience in cybersecurity and a passion for research. Together, Max and Joel provide expert analysis and guidance in the ever-evolving world of cyber risk.
Our special guest, Ganjar Imansantosa, has a remarkable career spanning global brands such as Ernst and Young, Arthur Anderson, and Dominos. As the VP and CISO at Tropical Smoothie Cafe, Ganjar has played a pivotal role in defining and executing information security strategies. His expertise lies in safeguarding digital assets against emerging cyber threats while supporting businesses in achieving their strategic goals.
In this segment, Ganjar delves into the challenges of implementing cybersecurity protocols in a shared risk environment. He highlights the legal impact that rests solely with the brand, which can ripple effect on both the brand and its franchisees in terms of lost customer confidence and decreased sales. Ganjar emphasizes the importance of creating security awareness among small business owner franchisees and the need for collaboration between the brand and franchisees to drive awareness and compliance. He provides valuable insights on starting conversations and gradually moving the needle towards a more secure environment.
The retail industry has often found itself trailing behind other sectors when it comes to effectively navigating cybersecurity challenges. Ganjar provides insights into the factors contributing to these difficulties in this discussion. While the tech industry embraced concepts such as “zero trust” several years ago, the retail sector is only now beginning to realize its significance in navigating cybersecurity challenges effectively.
Several industry-specific factors come into play. These include razor-thin profit margins and constrained security budgets that have acted as barriers to adopting robust cybersecurity measures. Additionally, Ganjar underscores the impact of the recent pandemic, which compelled retail companies to prioritize their digital channels and expand their digital presence. As the retail industry continues to embrace digitalization, there is a growing recognition of the need to elevate security awareness and implementation as a vital aspect of navigating cybersecurity challenges successfully.
Data Privacy at Retail Brands
Protecting customer data is a critical aspect of cybersecurity in the retail industry. Ganjar discusses the strategies employed by retail brands to manage customer data privacy. He explains that brands typically follow two approaches: either the brand holds and manages all customer data, or individual franchisees collect and input customer data while the brand takes responsibility for its security. Ganjar emphasizes the importance of protecting critical customer data, such as credit card information and addresses, and highlights the progress made by the retail industry in this regard.
Furthermore, he emphasizes the need for brands to carefully unlock customer data to gather valuable insights without compromising security and privacy. Ganjar explores the concept of a privacy-first policy and how it aligns with analyzing first-party data to enable business scaling.
The Role of Legal Teams in Defining a Brand’s Cybersecurity Policy
Legal teams play a significant role in defining an organization’s cybersecurity strategy. Ganjar discusses the maturation of legal teams in the cybersecurity space and their increasing involvement in shaping cyber insurance strategies, risk mitigation, and data protection. He highlights the importance of prioritizing assets based on their criticality and managing residual risk effectively. Ganjar emphasizes that a healthy and collaborative relationship between stakeholders and the General Counsel is crucial to strike the right balance between innovation and data protection.
Tune In and Stay Protected
In this captivating episode, Ganjar Imansantosa, Max Aulakh, and Joel Yonts shed light on the intricacies of navigating cybersecurity challenges in retail space. Gain valuable insights, practical strategies, and expert advice to safeguard your retail business against cyber threats. Discover the steps you can take to create security awareness for franchisees, bridge the gap in cybersecurity adoption, protect customer data, and collaborate effectively with legal teams to define a robust cybersecurity policy.
We encourage you to listen to the full episode on Emerging Cyber Risk Podcast to gain a deeper understanding of the challenges faced by the retail industry and the solutions available to protect your business. Stay protected and informed in the rapidly evolving world of cyber security.