How Digital Transformation is exposing cannabis businesses to hackers

Along with new opportunities and opportunities for growth, the transformation of cannabis into a digital industry creates a new challenge for suppliers: the maturity of cybersecurity.

For example, retailers’ rise to integrated digital platforms for key functions such as point-of-sale transactions and customer loyalty programs also make them prime targets for sophisticated hackers.

With vast amounts of customer data at risk, the potential for costly and damaging data breaches has never been higher, underscoring the industry-wide need for effective security measures, security experts and security experts say,

“Retail in general continues to be the biggest target for cybercriminals,” said Ben Taylor, Executive Director of Cannia-based cannabis information sharing & profit analysis organization that provides resources to support the security of the cannabis industry.

“For cannabis businesses, the biggest thing to focus on as they adopt more digital solutions is that their attack surface – the problems a threat actor can breach their network – is expanding,” he added.

The digital transformation of cannabis creates efficiency – and risk

The cannabis industry has operated in a cash-based, brick-and-mortar world for years, but today’s cannabis industry is a hub of digital activity.

E-Commerce platforms, online ordering, digital payment systems and data-driven marketing tools are now commonplace – a transformation that opens up new levels of efficiency and customer engagement.

But it has opened the door to significant digital risks.

Every customer transaction and use creates valuable data, from purchase history and personal identification to contact information – prime targets for cybercriminals.

Earlier this year, for example, Los Angeles-based cannabis operator STIIIZY sent a data breach notification to a Maine retailer

While the information is SCAN, observers suspect a ransom attack.

In a separate incident, an Ohio company that handles medical cannuobis recommendations appears to have left nearly a million records containing detailed personal information publicly available.

That led to state and federal investigations.

In addition to the financial and financial damage any business will face, a breach can expose a person’s customer information related to something illegal.

This can lead to serious breaches of privacy, legal liabilities for the business and the loss of customer trust that is hard to find.

A new frontier in cannabis security

Recognizing the growing threat, some technology leaders in the Cannabis industry are taking steps to strengthen their defenses.

Sweed, the Retail technology platform, recently launched a “Bug Bounty” program where ethical operators and security researchers from around the world are invited to test their web services and retail data infrastructure.

In return for disclosing any security flaws they find, researchers receive financial rewards of up to $2000, and the amount paid is determined by the risk of the problems identified.

The hope, according to the founder of Rocco del Priore, is that the bug Bounty program will help the movement of powerful software and build trust among its customers.

He pointed out that as the industry grows, it becomes a large company, involves many public companies and is highly dependent on processes.

“We are mature enough and confident enough on our platform that we invite anyone and everyone anywhere in the world to break away,” Del Prave said.

Practical steps for cannabis workers

Salespeople also have a role to play in protecting their businesses and their customers.

Taylor has been alarming about the weaknesses facing cannabis sellers today.

“You can have the strongest compliance in the world, but if your network is compromised or your POS is compromised, your entire business and customer trust is on the line,” he said.

Taylor notes that the rise of e-commerce and digital ordering has attracted sophisticated threat actors, and even one exploit can have far-reaching consequences for stolen credit card – customer information or operational data.

According to Taylor, the Bug Bounty Programs are such transparent things as a boat and a signal to both administrators and customers who work to take data security.

“Speed ​​to market is very important for these software companies,” Taylor said. “The bottom line is that things are really straining, and security can fall by the wayside.”

What sellers can do to protect themselves

Eric Laboarce, head of engineering at Cannabis Wholesale Plagy Leafleflink, said that as the industry grows, cybersecurity is more important than ever.

One challenge for multitaskers is the various regulations surrounding operations and cybersecurity – TROMS Force says it can be adjusted to increase the set of common standards within the same company.

“It makes it easier to know what to do,” she said.

Among the cybersecuripy measures experts such as Laforce and Taylor say cannabis sellers should be:

• Prioritizing staff training: Your CAST is the first line of defense. Training in identifying phishing scams, using strong passwords and sensible data privacy policies can prevent many security issues.
• Choose secure technology partners: Vertas is your best technology vendor. Ask Pos, e-Commerce and Marketing about their security rules. Do they have a dedicated security team and conduct regular penetration testing?
• Developing an incident response plan: No plan is foolproof, so it’s important to have a clear, foolproof plan in place for what to do should it happen. The plan should outline steps to isolate affected systems, notify customers and regulatory bodies and restore operations as quickly as possible.

“A lot of people just think about cyberbullying,” Laforce said. “You have to have these kinds of conversations – talk to your employees, make sure they understand the types of attacks that are possible.

“Those things have real consequences, and awareness is really critical.”

Margaret Jackson can be reached Margaret.Jackson@mjbizdaily.com.