Northwest Arkansas Democrat-Gazette
Security seminar planned
Walmart’s focus with conference is to protect data.
Walmart Inc.’s Tim MalcolmVetter used a professional football analogy when describing one of the reasons the company is hosting an information security conference in Northwest Arkansas today.
Every defense strives to be the best in the sport, but there’s no way to know for sure until it goes toe-to-toe with a prolific offense. MalcolmVetter, who leads a team of “ethical hackers” in the company’s information security department, believes the same is true for cybersecurity professionals as they try to defend their organizations against data breaches.
“You need to see what that offense looks like,” MalcolmVetter said. “So the more people we can get exposed to what that offense looks like, the better they can be at their jobs.”
Education is the goal of Walmart’s Sp4rkCon, a oneday event that will be held at the company’s David Glass Technology Center in Bentonville. Walmart has invited information technology and cybersecurity professionals into their tech office to par-
ticipate in the free conference, which will feature in-depth discussions from industry leaders about a variety of security-related topics.
The second year for the event is timely, too, coming amid a recent rash of reported data breaches or other issues that have affected companies and consumers across retail and other industries.
“Security is a hot topic,” MalcolmVetter said. “It doesn’t take watching the news too long any given week to see yet another enterprise has been breached. So it’s on everyone’s radar.”
This week, Hudson Bay Co., which owns department store chains Saks and Lord & Taylor, said information for more than 5 million credit and debit card users was stolen. Delta Air Lines and Sears also confirmed they were informed last month that some of their customers’ credit card information might have been compromised during online chat support functions provided by a software company.
Under Armour Inc. said late last month that about 150 million accounts in its MyFitnessPal app were compromised, while Panera Bread said a data breach exposed the personal information of thousands of customers.
None of the companies have faced the same amount of scrutiny as Facebook, which has been widely criticized the past couple of weeks for its inability to secure the data of its users.
Jerry Geisler, Walmart’s global chief information security officer, said the volume of reports is a “good indicator of how vulnerable organizations are” to breaches. But he believes the chance to engage with peers and exchange ideas is important in efforts to ensuring the industry grows stronger.
“There is not a perfectly secure organization,” Geisler said. “We’ve seen organizations breached … from business to banking to academia to government.”
The effect of data breaches varies for every organization, but a 2017 study conducted by research firm Ponemon Institute determined that the average global cost was about $3.6 million. The average cost for retailers that sustain a data breach, according to the study, is $4 million.
One of Walmart’s retail rivals — Target Corp. — was subject to criticism for a 2013 data breach that affected more than 41 million customer accounts and exposed contact information for more than 60 million. Last year, the company agreed to pay $18.5 million in a multi-state settlement.
Varun Grover, a David D. Glass endowed chairman and distinguished professor in the Sam M. Walton College of Business at the University of Arkansas, said the challenge to protect data is “major” and requires different levels of protection, or layers. But the biggest cause of breaches is often the weakest link, the “human element,” Grover said, not the technology.
Reducing human vulnerabilities through strong policies, enforcement mechanisms and training is key, as are technical solutions like encryption and layering. Grover added that it’s important for companies to continuously assess risk and test their systems.
“Communicating that this is not an IT problem, but the responsibility of everyone in the company allows for greater ownership of security issues by employees,” Grover said in an email.
Geisler described Walmart, the world’s largest retailer, as a “high visibility target” because of its size and global footprint. The company has 11,700 stores and 2 million employees worldwide. Its scale presents plenty of challenges, but Geisler said Walmart has made investments in information security a priority and there’s a sizable team dedicated to protecting the organization.
“We want to be known as the most trusted retailer to our customers,” Geisler said. “It’s important to us that we protect the brand and reputation of the company, that we protect our customers’ data, that we protect our associates’ data and that we protect our intellectual property.”
Geisler said Walmart will give attendees a chance to learn about the company’s tech operations and its own information security practices. He also said the opportunity to host the conference in Bentonville also provides outsiders with exposure to the region as Walmart continues to recruit tech talent.
Walmart said last year about 350 people attended the inaugural information security event, but more than 700 had registered for today’s conference. Offensive and defensive strategies, emerging technologies and the latest tools to secure data will all be featured in discussions.
Walmart also held a smaller conference, called Sp4rkCon By the Bay, in Sunnyvale, Calif., on Friday.
Alan Greenberg, the chief information security officer at the University of Arkansas, said he’ll be in attendance along with between 10 or 15 others from the university’s information technology department.
Greenberg said the opportunity to exchange ideas will be valuable for everyone in attendance.
“We all have a common enemy,” Greenberg said. “There are people trying to break into all of our companies. So the more we can share information the better.”