The Rush to Deploy the Latest In-Store Technology is Compromising IT Security
Digital transformation is accelerating the pace of change within the store environment. Retailers are under pressure to move quickly to implement the latest in-store capabilities to help separate themselves from the competition and provide a reason for repeat trips to the store. These retailers are blurring the physical and digital worlds to drive deeper customer engagement, loyalty, and emotional connections with a brand.
In practice, this translates to an avalanche of new technology and data analytics tools sweeping into retail outlets large and small. Self-checkout kiosks and mobile point-of-sale devices promise to enhance convenience for customers. In-store Wi-Fi, dressing room tablets, RFID, and augmented reality capabilities aim to enhance engagement and customer service capabilities.
Connected devices that monitor heating and cooling, on-shelf inventory, and interactive digital signage are transforming operations and optimizing the way stores are managed. To the customer, these changes and technology implementations should appear seamless. But to the retailer, adopting these capabilities creates many challenges and represents a radically different way of doing business within the store environment.
The Risk Behind the Reward
Retail is primed for fresh ideas and new approaches; the technologies being introduced in brick-and-mortar locations really do help to elevate the customer experience and create an incentive for shopping offline and driving purchase intent.
At the same time, these new technologies and endpoints in retail environments — mobile devices, SaaS applications, kiosks, IoT, mobile point of sale, and Wi-Fi — offer an expanded attack surface for bad actors to exploit. And, alarmingly, many store networks rely on outdated on-premise hardware models that introduce single points of failure and open the door to vulnerabilities, malware attacks, breaches, and just about every threat the digital age presents.
Omnichannel retail has created a complex security architecture for retailers to manage and maintain on their own, leaving traditional defenses outdated and ineffective. This is exacerbated by the fact that many new technologies, particularly IoT devices, have not been designed with security in mind. As a result, many new in-store technologies have left IT teams with increased complexity to manage and unruly security environments to tame and control.
Consumer-driven technologies and rising expectations will only continue to accelerate change, forcing retailers to rethink long-term security strategies, adopt agile network security architectures, and replace legacy patchwork solutions that heighten risk. According to The State of Network Security report for 2016-2017 from Forrester, 40% of enterprises are upgrading or planning to implement next-gen firewalls within the next 12 months.
Investing in adaptive security architecture, such as cloud-based firewalls, helps retailers keep pace with the rate of change in the evolving retail landscape. Otherwise, legacy defenses may work against you, creating an environment ripe for compromise.
Bolstering Digital Defenses
Considering how much variety exists in physical retail environments and how many new technologies and endpoints have come into play, there is not a one-size-fits-all approach to security. However, there are specific strategies and considerations that all retailers should focus on as they strive to turn current vulnerabilities into strengths:
1. Be mindful of segmentation. Today’s retail environments are full of dozens of new endpoints, and many are vulnerable to malware infections and exploits that can bring down the entire retail network if not segmented properly. The risk is even greater when seasonal and contract employees are added to the mix — remember that threats arise both internally and externally.
Protecting the retail environment begins with retailers securing access methods to the internet from the physical store, especially for IoT devices and guest Wi-Fi systems. They must also properly segment the IoT subnet from employee, POS, and guest Wi-Fi subnets — with separate policies for the internet — while ensuring that in-store devices have restricted communications with only whitelisted IP addresses. This year, 85% of enterprises plan to introduce IoT devices, but only 10% feel confident in their ability to secure them. Make sure you fall into that minority.
2. Cut down on operational complexity. Moving from on-premises hardware models to the cloud reduces management complexity, especially for retailers that operate large store networks but have strained IT resources and limited budgets. With cloud-based firewalls, updating and refining security policies for the various store subnets across the retail network is streamlined, resulting in simplified and more robust security architectures.
The days of retailers managing and patching anti-malware on individual endpoints across the retail network are over. The time cost is too great, and the risk introduced by a single unpatched endpoint is too high. According to Forrester’s Top Cybersecurity Threats In 2017 report, software vulnerabilities accounted for 42% of external intrusion attack methods in 2016.
3. Don’t stop at PCI compliance. While PCI compliance is a critical part of a retailer’s security strategy, it’s a little like making sure a lock is on the front door, but not guaranteeing the door stays bolted shut. Cybercriminals are constantly uncovering new entry points and vulnerabilities to invade your store network outside of the cardholder data environment, with the aim of stealing sensitive company and customer data.
It’s vital for retailers to focus not only on the prevention of cyberattacks within the retail environment, but also on the detection of suspicious and malicious activity. Retailers should implement supplementary security measures beyond PCI compliance to build layers of defense. Next-gen firewalls that offer intrusion protection and detection, web content filtering, and sandboxing enable retailers to do just that.
4. Prioritize threat intelligence. Because retailers cannot prevent all attacks, actionable threat intelligence is imperative for alerting retailers when devices and network assets have been compromised and are communicating with unapproved or malicious IP addresses, which could be C2 servers and their botnets. Threat intelligence analyzes network communications for suspicious activity and alerts on policy violations and vulnerabilities.
Gartner predicts that by 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. What’s more, Gartner also predicts that by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30% in 2016. The implications for retailers are clear — the time to act and invest in threat intelligence defenses is now.
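The segmentation rule in point 1 and the alerting on unapproved destinations in point 4 can be checked against firewall flow logs. The sketch below is an added example, not part of the original article: the subnet ranges, allowlisted destinations and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed store addressing plan (assumption: the article names the
# segments but not their ranges).
SEGMENTS = {
    "iot":      ipaddress.ip_network("10.20.10.0/24"),
    "pos":      ipaddress.ip_network("10.20.20.0/24"),
    "employee": ipaddress.ip_network("10.20.30.0/24"),
    "guest":    ipaddress.ip_network("10.20.40.0/24"),
}
# Separate internet policy per segment: a destination allowlist, or None
# where egress is handled by other controls (e.g. web content filtering).
EGRESS_ALLOW = {
    "iot": [ipaddress.ip_network("198.51.100.0/28")],  # hypothetical vendor cloud
    "pos": [ipaddress.ip_network("203.0.113.10/32")],  # hypothetical payment gateway
    "employee": None,
    "guest": None,
}

def segment_of(ip):
    """Return the store segment an address belongs to, or None if outside all."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def audit(flows):
    """Flag flows that cross segments or leave for a non-allowlisted address."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None:
            continue  # not sourced from a store segment
        if d is not None and d != s:
            findings.append(("cross-segment", s, d, src, dst, port))
        elif d is None:
            allow = EGRESS_ALLOW[s]
            if allow is not None and not any(
                    ipaddress.ip_address(dst) in net for net in allow):
                findings.append(("unapproved-egress", s, "external", src, dst, port))
    return findings

# Constructed flow records (src, dst, dst_port), as a firewall might export them.
SAMPLE_FLOWS = [
    ("10.20.10.15", "198.51.100.5", 443),   # IoT to allowlisted vendor cloud
    ("10.20.10.15", "10.20.20.7", 445),     # IoT reaching into the POS subnet
    ("10.20.10.22", "192.0.2.77", 8080),    # IoT to an unapproved address
    ("10.20.20.7", "203.0.113.10", 443),    # POS to payment gateway
    ("10.20.40.101", "192.0.2.80", 443),    # guest Wi-Fi browsing
    ("10.20.20.7", "10.20.20.8", 9100),     # traffic inside the POS subnet
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Only the IoT-to-POS flow and the IoT flow to a non-allowlisted address are reported; the same check can run on a schedule so that a compromised device talking to an unapproved address raises an alert.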
Innovative technologies help retailers differentiate the customer experience and bring the best of online digital engagement into the store environment. Retailers can build robust layers of defense with adaptive security architectures to better prevent and detect threats or exploits. And within a rapidly evolving omnichannel threatscape, that’s a priority everyone can agree on.
Susan McReynolds is retail strategy manager for Level 3 Communications, where she works with customers, analysts, and industry leaders to keep a pulse on the IT trends and challenges facing today’s omnichannel retailers. Before joining Level 3, Susan worked with leading national and global athletic brands to develop custom visual merchandising programs.
Stitch Fix, Trunk Club and Le Tote upping the ante on online apparel retailing
When it comes to brands that stand out in the online apparel shopping segment, subscription services are leading the pack.
Apparel subscription services, like Stitch Fix and Trunk Club, and the introduction of Amazon’s Prime Wardrobe are disrupting the apparel segment. While the subscription method of shopping for apparel is still in its infancy, consumer reach — and interest — is growing, according to research from The NPD Group.
Stitch Fix, Trunk Club and Le Tote subscription membership grew to nearly 5% of online shoppers. Their average annual spend per purchase increased 5% to $170, according to NPD’s Checkout Tracking E-commerce information.
The Stitch Fix subscriber gave one-third of their online apparel wallet to Stitch Fix. Trunk Club subscribers gave 40% of their online apparel wallet to Trunk Club.
“We have entered a new world of retail where the traditional leaders are faced with unconventional channel competition, and subscription services are the newest player,” said Marshal Cohen, chief industry analyst, The NPD Group.
“Consumers are more critical about the purchases they make today and no longer purchase just for the sake of purchasing,” he added. “The personalized approach of subscription services complements the shift toward more prioritized spending.”
While only 15% of consumers have ordered subscription boxes, another 14% haven’t yet ordered them but plan to. However, 35% don’t even know what these services are — which presents an untapped customer segment for subscription-based retailers.
Some subscription services are also adding an additional dimension to the emerging retailing genre. From Amazon’s Prime Wardrobe to Stitch Fix, Trunk Club and Floravere, these retailers are giving shoppers the opportunity to “try before you buy.” With no upfront charge or added fee, shoppers can return unwanted pieces and pay only for the items they keep. One feature that gives Amazon’s soon-to-launch service a leg-up on its competition however, is that it enables shoppers to pick out their own clothes — without paying a styling fee.
“There is a great deal of room to grow within the subscription model, and the competitive field will continue to expand as online retailers develop subscription services and options for auto-replenishment of fashion basics,” added Cohen. “This kind of innovation, delivering personalization and convenience, will continue to change the face of retail for fashion.”
Another department store retailer targeted for its real estate
Macy's and Sears are by no means the only department store companies with valuable real estate.
Activist investor Snow Capital Partners has built a position in Dillard's Inc. and is planning to push for changes at the retailer, including unlocking the value of its real estate portfolio, Bloomberg reported.
“Dillard’s is essentially an underleveraged real estate company that is masquerading as a low productivity retailer,” Snow Park managing partner Jeffrey Pierce stated in an email in the Bloomberg report. The investor said Dillard's store properties should be valued at upward of $200 per share.
Based in Little Rock, Ark., Dillard’s operates 268 stores and 25 clearance centers across 29 states. The company owns about 90% of its store square footage, the report said.