Retail success in a digital world depends on a strong marketing strategy and constant upgrades to the latest technologies. The newest in-store and online devices and applications provide customers with easy access to information, speedy checkouts, and convenience while providing management with remote access to operation controls. These technologies help your business stand out in a crowded marketplace, but they also provide threat actors with easy access to your environment and can impact the security of your organization.
Purchasing preferences and technology
There’s no question about it, retailers must keep innovating with technology and provide web-facing applications, mobile apps, and an online experience that engages shoppers. The 2017 UPS Pulse of the Online Shopper survey revealed that when researching products among multi-channel retailers, online access is preferred by 83% of shoppers. It also found that over the previous year, e-commerce grew 13% with a 45% increase reported for mobile retail spending.
Online shopping is not the only way retailers are innovating with technology. Heating, cooling, and overhead light systems may be connected to the Internet and controlled remotely. RFID identification chips, which have fallen in price from more than $1 to ten cents, are being used to count, track, and manage hundreds of products, allowing controllers to change the price of specified items remotely in an instant.
Virtual and augmented reality apps and mirrors are being used to simulate the way a customer would look in makeup, hair color, and clothes. In fact, according to Retail Perceptions, 40% of shoppers would be willing to pay more for a product if they could experience it through augmented reality, and 61% prefer to shop at stores that offer augmented reality over those that don’t.
In a February 2017 consumer survey by the International Council of Shopping Centers (ICSC), 41% of shoppers said they were interested in interactive shelves that provide product information. More than half said by 2020, they expect stores to give them the ability to see virtually how home furnishings and accessories will fit into their homes before making a purchase.
With the good comes the bad
While all these new technologies enhance customer experience, and increase business revenue, they can also be easily exploited by attackers.
A few examples include:
- A hacker can listen for communication between an RFID tag and an RFID reader to intercept and manipulate the information to change prices.
- Augmented reality applications don’t have a security standard and Augmented Reality Markup Language (ARML) lacks comprehensive security controls.
- The traffic that enables a user to imagine herself in your store clothing crosses your network, revealing details such as IP addresses, location, type of device, user permissions, and more.
- Most manufacturers of IoT devices provide no updates or patches for vulnerabilities, so organizations must be diligent about quickly stopping attackers to limit damage.
In addition to ensuring proper security controls are in place for newer technologies, retailers must still contend with vulnerabilities arising from point-of-sale (POS) systems. POS threats are nothing new, and usually due to malware, skimmers or compromised machines that allow attackers to access customer credit card data as well as your network. When those attacks occur, you must be able to recognize and remediate them quickly to prevent or minimize damage.
Security needs to be delivered in a way that is fast and scalable to keep pace with today’s cyber threats.
Smaller companies typically have limited budgets and often lack security professionals who have the tools and knowledge to block and remediate threats. No matter where your latest technologies are housed – on premise, in the cloud, or a hybrid of the two – you must have insight into your data and devices, including your industrial IoT systems, to view the movement of an adversary within your environment. But, spotting your attacker is only the first step. You must also be able to provide immediate remediation, and that’s where most retail organizations fail.
One of the most cost-effective ways of obtaining visibility into all your technologies and securing any environment, is working with a trusted third-party security provider.
The emergence of security-as-a-service (SECaaS) enables comprehensive protection of your total environment with just a quick spin up from the cloud. You don’t have to buy and manage expensive equipment like a Security Incident Event Management (SIEM), intrusion detection/prevention systems (IDS/IPS), or endpoint detection and response tools. For retailers of all sizes, SECaaS can deliver the automatic protection, detection, and remediation your organization needs to reduce the cost and the burden of managing security and compliance.
To learn more about securing your environment, see our retail security white paper.