Rising IoT adoption in retail increases security concerns
The e-commerce disruptors in retail who are fueling consumer demands for speed, convenience, and personalized experience have also fueled a rapid escalation of IoT device adoption in retail supply chain operations. Some of the most commonly found IoT devices in retail supply chain ops are handheld computers, cameras, printers, IP Phones, physical security, point of sale systems, workforce management, tracking and location systems.
While retail is one of the most mature ecommerce industries, the COVID-19 restrictions of 2020 forced a dramatic shift in the purchasing habits of buyers with a 32% increase in online retail sales, thereby advancing the industry’s digital transformation even further. A June 2021 industry survey from NRF and Euromonitor International reported on these trends with three key findings:
- 72% of retail professionals say COVID-19 accelerated their company’s digital transformation by at least a year
- 73% say the pandemic accelerated their technology-related investments
- 58% say COVID-19 accelerated their company’s new technology-related product launches
This accelerated digital transformation is largely enabled by the near-ubiquitous adoption of IoT technologies across the supply chain. The retail supply chain is a complex global ecosystem of manufactured goods, physical and virtual storefronts, logistics, distribution, and enormous amounts of data most commonly driven by omnichannel retail operations. Moving goods through this ecosystem, around the world, and into the hands of consumers at home or in stores, within days or even hours, requires countless network connected devices and sensors. Some of the top use cases for IoT in the retail supply chain include:
- Faster fulfillment and improved order accuracy with automated guided vehicles and robots, handheld scanners, and VR/AR picking systems
- Real-time inventory management with RFID and other sensors
- Distribution automation for a more real-time distribution management by connecting previously air gapped or siloed systems
- Enhanced customer experience with handheld POS and behavior monitoring sensors in-store
- Affordable loss-prevention in stores and distribution centers with on premise monitoring security cameras and sensors
Reliance on these devices is not slowing down anytime soon. The advancement of IoT technologies is predicted to continue to drive revenue in retail at a rate of 26.0% CAGR from 2021 through 2028, reaching a valuation of USD 182.04 billion, according to a recent market analysis published by GrandView Research.
Mitigating cybersecurity risks in retail IoT
Operations, security, and IT executives in retail should be thinking of the number of IoT devices across the supply chain and in stores, up to 57% of which are vulnerable to medium or high severity cyber attacks, that could serve as intrusion points to enable lateral movement into business critical areas of the network.
Existing IoT security solutions available in the market today are insufficient for IoT-intensive environments like retail as they employ an alert-only approach, provide partial visibility with dated signature-based discovery methods, are unable to provide device segmentation into trust zones, and have complex deployments which overburden infrastructure and security teams.
Given the aforementioned challenges, how can CISOs in retail secure the advancement of digital transformation with IoT technologies while minimizing the risk of business disruption and maintaining the performance of the network?
Retail CISOs need an IoT security solution modeled on a prevention-first approach, as opposed to alert-only, to eliminate risk of managed and unmanaged devices across retail stores, warehouses and distribution centers. The top capabilities that retail CISOs and IT leaders should look for in an IoT security solution include:
- Complete visibility of all devices, including quick and accurate discovery of previously unseen and unmanaged devices, with device context and risk status across the retail supply chain including stores, warehouses, and distribution centers.
- Built-in threat prevention instead of an alert-only approach to keep the network safe from all threats and vulnerabilities posed by unmanaged devices.
- Seamless integration into existing workflows, reducing the burden of deployment and configuration on infrastructure and security teams.
- Network segmentation by least privileged trust zones following the Zero Trust security principles using NGFW or network access control enforcement points to minimize the risk of lateral movement of threats across the network.
- Machine learning coupled with crowdsourced data to quickly and accurately assess risk, detect anomalies, and recommend trust-based policies for enforcement.
Conclusion: The future of stable retail operations is IoT security
As retailers continue riding the wave of technological innovation and transformation CISOs and IT teams in retail must innovate and transform security operations in parallel by rethinking connected device security. To keep up with the growth retailers need an IoT security methodology that is more comprehensive, automated, efficient, and precise than traditional security solutions can provide.
Retail CISOs must evolve past legacy solutions in favor of a complete IoT lifecycle, from the discovery of IoT devices and their associated risks to cyber attacks threat prevention actions that enforce real time protections. This approach creates a security posture that reliably enables IoT-based operations and protects the retail network from existing and unknown threats.
Read our e-book The Enterprise Buyer’s Guide to IoT Security to learn more about the current state of IoT adoption, unique challenges facing security teams and the five key stages in the lifecycle of a best-in-class IoT security solution.