Making cybersecurity a priority will be key to keeping retail businesses afloat post-COVID

By Rich Orange, Regional Director of UK&I at Forescout

COVID-19 has presented a whole heap of challenges to the way retail businesses are running. We know that some have grown exponentially, and sadly others have dwindled. For many high street retailers, for example, traditional operations have completely ground to a halt and are only now resuming, whereas supermarkets and pharmacies have seen demand soar.

In both of these scenarios, it’s clear that necessary changes have had to be made to ensure business operations remain as smooth as possible. From ensuring staff hygiene to building reliable logistics and transport links, coronavirus has rewritten the rulebook when it comes to ensuring a resilient retail business.

The problem is, as organisations at either end of the scale have had to pivot and focus efforts into keeping operations afloat, the need for effective cybersecurity practices hasn’t gone away. In fact, if overlooked, it could present an even greater test to business continuity than the pandemic itself.

Naturally it’s also a sector heavily reliant on brand reputation, and so while a company might be able to weather the financial storm of a large-scale cyber attack, recovering from the reputational damage could be far more complex.

And so, as we look towards the future and some sort of semblance of normality, it makes sense to identify what those pain points are and how to overcome them.

Devices, devices, everywhere

One of the key cyber challenges that companies in retail face is the fact that they typically have a higher proportion of internet-connected devices on their IT network. Take banks, for example. They typically have a 3:1 ratio of devices to people. Yet staggeringly for retail this is closer to 5:1, meaning that for every 10,000 employees working within a retail business, there are 50,000 devices to manage and protect.

Some of these devices naturally belong to the employees themselves, in the form of personal phones and work computers. But a vast majority also take the form of innovative tech equipped with internet connectivity, such as self-scanners and new PoS systems, that help make the shopping experience simpler and more enjoyable for consumers.

In a market so readily defined by the customer experience, it makes sense that tech is so intrinsically linked. However, a proliferation of devices can create serious difficulties for the IT security team who, with so much to account for, have a hard time ensuring the network isn’t compromised if one device starts acting suspiciously.

Taking this one step further, certain retail businesses, such as supermarkets, are unique in the fact that they have a vertically integrated supply chain. What this means is that often the devices operating on the farm that supplies the factory, which in turn ultimately supplies the store, are all interlinked, adding further complexity to the device management puzzle.

So, then, what can be done?

The ultimate cybersecurity shopping list

A good starting point would be to increase device visibility. Knowing with absolute certainty how many devices are on a network, where they are, and what their status is allows for a stronger overall cybersecurity posture. For retailers especially, where the number of devices is so large, an accurate device inventory is essential.

Consideration should also be given to network segmentation. By breaking up the network by business function, greater control can be exerted by the security team over who can access that segment and what activity is occurring.

For vertically integrated retailers whose operations run from farm to factory to outlet, this means that milk production facilities no longer have the ability to communicate all the way through the network to the data centre and the self-checkout system in store. More significantly, it also prevents the possibility of lateral movement in the event that a breach does happen.

We also need to consider the corporate challenges faced by retailers on a macro scale. Competition is rife and so, unlike other sectors where organisations tend to look out for each other as well as themselves, shared challenges and learnings are arguably less vocalised in retail as a whole. As a result, progress in cybersecurity can be slow as each retailer embarks upon its own journey.

Greater cooperation between retailers would be a boon to security. If cyber learnings were shared more readily among competitors, or if peers collectively pushed regulators to define a framework like we see more readily in sectors such as manufacturing, then the industry would be able to advance at a much greater rate.

Many would agree there has been a heightened sense of community during lockdown. With shops eventually starting to re-open after a three-month hiatus, it would serve the retail sector if this sense of camaraderie was also reflected in approaches to cybersecurity.

This, combined with a more holistic view to device management and security, could ensure that retail companies have at least one less pressing issue to address after what has undoubtedly been a tremendously difficult and turbulent time.
