What You Don't Know Can Hurt You: Three InfoSec Retail Predictions
December 14, 2017
It has been a turbulent year for industry as a whole, and retail has been at the center of the turbulence. Amazon bought Whole Foods, grocery chains moved into new markets, and myriad players invested heavily in building digital capabilities. The catchphrase on everyone’s lips has been, “Transform the customer experience.” As a consequence, retailers are rushing to improve their CX, leveraging deep customer knowledge and technology to enable seamless interactions across all channels.
As retailers rethink their business and digital strategies, they would do well to pause and consider the importance of information security. One of the biggest hack stories in 2017 was outside the retail industry, but next year may be different. With its transaction-intensive nature and wealth of customer and payment data, retail is perennially inviting to cybercriminals.
We’d like to help retailers keep their businesses safe and sound in 2018, and so we offer the following predictions and recommendations for the year ahead.
1. As retailers double down on digital transformation, they will need to rethink their networks.
Despite the fear of being bought out, we believe that there are growth opportunities for many leaders, provided they commit to ongoing transformation. Retail revenues notched a respectable $23 trillion worldwide, with e-commerce revenues soaring 23.2 percent to $2.3 trillion.
Creating a seamless omnichannel experience involves linking data, apps, and systems in a virtual, virtuous feedback loop, and being able to integrate and analyze the torrent of new data that connected devices will provide. Many networks today can’t handle the strain. Much like the server farms of the past, they’re over-engineered, inflexible, and sprawling.
So what should retailers do? Consider using a software-defined wide-area network (SD-WAN) to create a network that’s as flexible and agile as your strategy. An SD-WAN lets you optimize application performance by algorithmically sending internet traffic over the best network for performance and cost, strengthen business continuity with instant failover and session maintenance, and keep complete command and control.
2. Connected devices open the door to great business opportunities, but also to more threats.
We’ve all read about how cloud, mobile, social, and IoT are converging and enabling digital platforms, including new ways of working and engaging with customers. Cloud has enabled a renaissance of retailing with digital commerce, powered by recommendations, next-best offers, and dynamic pricing, among other innovations. Mobile and social have transformed the selling and shopping experience. And IoT is enabling retailers to use connected things like beacons to power real-time marketing offers, and smart tags and devices like tagged merchandise, interactive shelves, mirrors, dressing rooms, and kiosks to engage customers at every turn.
So IoT is a game-changer. No doubt, as they connect a myriad of things, retailers will learn more about supply chain, production, and warehousing; inventory, marketing, and sales processes; and employee and shopper behavior that can be used to a profitable advantage. But IoT also opens the door to threats we’re only beginning to understand.
Consider 2017’s smart fish tank hack at a casino. While it can be tempting to dismiss it as a niche issue, we’ve also seen attacks powered by IoT botnets and computers.
Companies will be using IoT to connect 10 times more devices across more locations than they do today. Get ready for IoT by protecting your data, devices, and business with a new approach to information security.
Next-generation Security Information and Event Management (SIEM) provides all the advantages of proactive information security services that identify, isolate, and resolve vulnerabilities and incidents – managed for you. It’s what analysts are calling SOC-as-a-Service.
SIEM also enables companies to leverage IoT safely when they adopt wide-area networks like SD-WANs. Together, managed SIEM and SD-WAN enable companies to monitor, analyze, and manage IoT connections from edge to edge of the enterprise.
SIEM makes sense of the “noise” of IoT by looking for unusual behavior, consolidating data sources, using threat intelligence feeds, and automating security response. Since IoT happens at scale, it just makes sense that information security should also grow to respond at scale.
3. POS systems face a new generation of threats like ransomware, and retailers need to get prepared.
Retailers know that POS systems represent a source of ongoing vulnerability. Companies are on guard against threats like skimming and malware. In 2017, companies like Brooks Brothers, Forever 21, and Kmart found malicious software on payment processing systems. Cybercriminals typically steal credit card data that they then sell on the black market for $5 to $30 per account; yet the value of this stolen data has drastically decreased.
There is a new POS threat that is rising in importance: ransomware. Cybercriminals will increasingly skip the low-hanging fruit of data theft and use ransomware to disable POS systems until fat fees are paid. With few to no options, companies may be willing to pay almost anything to get systems back online. Large retailers lose millions of dollars in revenue each day that their POS systems are offline. We believe that ransomware demands will skyrocket in 2018, so it makes sense to prepare now.
Want to know if your POS systems are prepared for a ransomware attack? Consider trying a free online self-assessment tool. You’ll learn what your risk levels are, how much you could lose, and get recommendations to protect your systems.