Why Retail Stores Are More Vulnerable Than Ever to Cybercrime
When we think about cybercrime and retail it is natural to focus on websites being targeted with attacks. Indeed, there has been a shocking rise in the number of cyberattacks perpetrated against online retailers in the past year. Dakota Murphey explains why store owners and security managers need to also protect their physical locations from the cyber threat, too, however.
This article was written by Dakota Murphey.
Figures from SonicWall's Biannual Report revealed that e-commerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers' minds.
However, for those retailers that have a physical store as well as an online presence, there might be an assumption that the cybersecurity in-store doesn't need to be considered as a top priority. Well, doing so could be a big mistake.
In this article, we take a look at why retail stores are more vulnerable to cybercrime than ever before.
Security Is Weaker
There can be no doubt that one of the major issues around security in-store is the issue of complacency. It is assumed that physical stores themselves are unlikely to be targeted by cybercriminals — surely it is more likely that they will put their resources into using hacking or phishing?
In reality, cybercriminals are always looking for ways to maximize their time — they want quick wins. Increasingly, as retail stores are less well protected they are being seen as an easy way into the computer system of a company. Perhaps the lesson that needs to be learned here is that you should never assume that you won't or can't be attacked.
Cybercriminals are far more sophisticated than they've ever been. If there are gaps in security, they can identify and tap into them. Retailers, for instance, need to balance consumers' privacy and data protection with their own tight security measures that protect their internal IT systems and physical stores. Failure to install security effectively and comply can result in firms facing fines for breaches in privacy laws under stringent CCTV regulations and GDPR guidelines.
Stores and Websites Are Intrinsically Linked
You might think that there is a divide inside your business: your physical store and your online store. However, it is generally the case that your physical premises are linked to your digital system just as much as an office might be. Do you log in to your system at work? Do you track customers' details using an IT system?
For the majority of businesses, the physical store is actually just as dependent on your IT system as the site online. This presents a potential problem. If your physical retail store can potentially allow access to your whole IT system, cybercriminals can use nefarious methods in your physical premises.
The Rise of the Internet of Things
Physical stores are increasingly reliant on Internet of Things devices — that being any device that is connected to the Internet. This might include stock checkers, smart shelves, predictive maintenance equipment and much more.
Physical security devices such as CCTV, video surveillance, and alarm systems are often connected to the Internet and can also be a vulnerability for targeted cyberattacks. The wider use of video surveillance technology and other types of physical devices extends to more than pure crime detection. They have intelligent capabilities that can be applied to monitor crowds, secure physical sites, and support building management platforms.
Although such integrated systems do a good job in providing smart data to support security firms and facilities managers managing retail sites, any data, files and surveillance videos can be vulnerable to cyberattacks.
Whether stored or managed on cloud-based applications or as on-premise solutions, such physical security devices that protect retail stores also open up another potential entry point to your IT system that criminals can exploit. And, if CCTV, video surveillance and alarm systems are not managed properly, they can be a major problem.
The Invasion of Shadow IT
Shadow IT is the use of any kind of software or applications that aren't approved by the IT team. This is becoming a big problem, especially in stores where staff make use of personal devices as a part of their role.
"The popularity of shadow IT is partly due to its perceived benefits," says George Glass, head of threat intelligence at cybersecurity specialists Redscan, "these include the ability to take initiative in setting up and using technology and the freedom to adopt systems and software more quickly in order to reduce workload. However, these apparent benefits come at a significant cost."
The issue arises when this shadow IT is not checked for vulnerabilities or is not kept up to date because it is not known by the IT team. These vulnerabilities and flaws can present a potential opening for cybercriminals.
Prioritizing Speed of Service Over Security
It is naturally the case that many businesses in retail want to prioritise fast and effective customer service. Unfortunately, this can ultimately result in good security practices being overlooked in favour of getting on with tasks. For example, if a customer comes in requesting a password reset on their account, there may be some pressure to simply go ahead with this rather than following the correct procedure.
Retail stores need to understand the interconnected nature of cybercriminals and in-person crime. With the rise in cashless retail and a surge in online sales (that has witnessed an unprecedented rise in recent years), retailers' IT security has had to keep in step and reposition itself with the evolution of consumers' buying habits. This increased awareness, however, has been reinforced by the UK Government's measures to support security technology within the retail industry.
While retail stores are more vulnerable than ever to cybercrime, there is much that businesses can do to mitigate risk. Perhaps the most important factor is providing staff training to ensure that everyone understands their role in preventing cybercrime.
Dakota Murphey is a freelance tech writer.
This story first appeared on IFSEC Global, part of the Informa Network, and a leading provider of news, features, videos, and white papers for the security and fire industry. IFSEC Global covers developments in long-established physical technologies — like video surveillance, access control, intruder/fire alarms, and guarding — and emerging innovations in cybersecurity, drones, smart buildings, home automation, the Internet of Things, and more.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024