Over four in ten businesses experienced a cyber-security breach over the last year, according to the Government’s Cyber Security Breaches survey.
Investment in cyber security by retailers in the last year reached a total of £2,900, and 51 per cent of businesses have implemented all of the five basic technical controls listed under the Government-endorsed Cyber Essentials scheme.
But retailers are being left vulnerable to cyber-attacks as they seek to move towards a more ‘frictionless’ shopping experience. Connected devices in-store – from mobile point of sale to digital signage and connected stock-tracking options – are often poorly secured, according to cybersecurity experts at World Wide Technology (WWT).
While working with a multi-billion pound retail organisation, WWT security professionals discovered over one million unpatched security vulnerabilities in their system, a third of which were critical.
Matt Sebek, Vice President of Digital at World Wide Technology, comments: “As customers place increasing emphasis on the ease of the shopping experience, and online giants such as Amazon continue to modernise the retail landscape, innovations around connected technology will gain momentum. As businesses re-imagine retail, it is also imperative to re-imagine retail security.
“Before integrating technology within the system, retailers should review the objectives behind doing so. Not fully understanding the business outcome or the critical underlying infrastructure can lead to a fragmented solution that may not be secure, sustainable or scalable. Each device is a potential entry point onto the network and businesses need to be clear about what the device is connected to, and the value of the data it is collecting.”
Sebek continues: “These projects must be integrated from the ground up. Connecting devices into an existing network structure is usually a disaster waiting to happen. Segmenting a network, introducing air-gaps between essential and non-essential devices, helps to form a physical barrier against cyber breach.
“Retailers are in danger of an ever-increasing spend on cyber security. A tactical action plan that prioritises vulnerabilities by criticality and the level of effort needed to overcome the vulnerability is a good place to start.”