As retailers prepare for cyber Monday and the online Christmas shopping rush, they must face the challenge of securing a myriad of smart devices and protecting the increasing flow of sensitive customer information, says iSheriff in a new report published this week. The report suggests that technology driven omni-channel retailing strategies that blur the lines between in-store and online retail, significantly increase exposure points and opportunities for cyber-security breaches.
Retail web sales are expected to increase by 18.4% by the end of 2015 according to the Centre for Retail Research but many of the companies aggressively building omni-channel capabilities are struggling with cyber security. The top five retail breaches of 2014 alone exposed a collective 495 million customer accounts[1], and 2015 has seen 523 security incidents in the retail sector, 164 with confirmed data loss[2].
“The benefits of omni-channel are clear for retailers as they try to change the game on the e-commerce leaders, but the costs and risks should not fall on the backs of consumers who will now have much more personal data at risk of exposure,” said Oscar Marquez, iSheriff’s Chief Technology Officer. “Whether they are buying online or in store, at a fixed register or mobile point of sale device, by swiping, typing, scanning or calling, customers need to know their personal and payment data is secure. Omni-channel retail needs omni-security.”
The report identifies three major security risks retailers need to consider when deploying an omni-channel strategy: protecting multiple points of exposure, enhancing security visibility and policy enforcement and addressing new device-specific malware.
Protecting multiple points of exposure. Expanding security from today’s infrastructure of a limited number of point of sale terminals and employee computers to multiple mobile POS devices, sensors, employee smartphones, in-store beacons, workstations and tablets on the corporate network, increase exposure points and risk exponentially. In addition, transactional data that moves from online to in-store and between in-store devices, creates many more points of entry for cybercriminals.
Enhancing security visibility and policy enforcement. Deploying new technologies and point products make it more difficult for IT departments to get a clear and comprehensive view of their security risk. More points of delivery means a more complex information supply chain. Likewise, the need to interact with and manage many vendors can create additional risk and introduce devices that are no longer ‘owned’ by the retailer.
Addressing new, device-specific malware. As recent history with POS devices has shown, cybercriminals will develop malware that is device-specific. As new omni-channel devices become part of the retail IT infrastructure, malware will emerge that’s specifically targeted to exploit vulnerabilities unique to those devices.
Click here to view the iSheriff white paper, Omni-Channel Needs Omni-Security.
[1] (Robinson, 2014)
[2] (Verizon, 2015)
