Omni-channel retail needs omni-security

New report highlights security risks of omni-channel retail strategies.

  • 9 years ago Posted in
As retailers prepare for cyber Monday and the online Christmas shopping rush, they must face the challenge of securing a myriad of smart devices and protecting the increasing flow of sensitive customer information, says iSheriff in a new report published this week. The report suggests that technology driven omni-channel retailing strategies that blur the lines between in-store and online retail, significantly increase exposure points and opportunities for cyber-security breaches.
 

Retail web sales are expected to increase by
18.4% by the end of 2015 according to the Centre for Retail Research but many of the companies aggressively building omni-channel capabilities are struggling with cyber security. The top five retail breaches of 2014 alone exposed a collective 495 million customer accounts(1), and 2015 has seen 523 security incidents in the retail sector(2), 64 with confirmed data loss
 

“The benefits of omni-channel are clear for retailers as they try to change the game on the e-commerce leaders, but the costs and risks should not fall on the backs of consumers who will now have much more personal data at risk of exposure,” said Oscar Marquez, iSheriff’s Chief Technology Officer.  “Whether they are buying online or in store, at a fixed register or mobile point of sale device, by swiping, typing, scanning or calling, customers need to know their personal and payment data is secure. Omni-channel retail needs omni-security.”

 

The report identifies three major security risks retailers need to consider when deploying an omni-channel strategy: protecting multiple points of exposure, enhancing security visibility and policy enforcement and addressing new device-specific malware. 
  1. Protecting multiple points of exposure.  Expanding security from today’s infrastructure of a limited number of point of sale terminals and employee computers to multiple mobile POS devices, sensors, employee smartphones, in-store beacons, workstations and tablets on the corporate network, increase exposure points and risk exponentially. In addition, transactional data that moves from online to in-store and between in-store devices, creates many more points of entry for cybercriminals. 
  2. Enhancing security visibility and policy enforcement.   Deploying new technologies and point products make it more difficult for IT departments to get a clear and comprehensive view of their security risk.  More points of delivery means a more complex information supply chain.  Likewise, the need to interact with and manage many vendors can create additional risk and introduce devices that are no longer ‘owned’ by the retailer. 
  3. Addressing new, device-specific malware.  As recent history with POS devices has shown, cybercriminals will develop malware that is device-specific. As new omni-channel devices become part of the retail IT infrastructure, malware will emerge that’s specifically targeted to exploit vulnerabilities unique to those devices.  
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...