The Rush to Deploy the Latest In-Store Technology is Compromising IT Security
Digital transformation is accelerating the pace of change within the store environment. Retailers are under pressure to move quickly to implement the latest in-store capabilities to help separate themselves from the competition and provide a reason for repeat trips to the store. These retailers are blurring the physical and digital worlds to drive deeper customer engagement, loyalty, and emotional connections with a brand.
In practice, this translates to an avalanche of new technology and data analytics tools sweeping into retail outlets large and small. Self-checkout kiosks and mobile point-of-sale devices promise to enhance convenience for customers. In-store Wi-Fi, dressing room tablets, RFID, and augmented reality capabilities aim to enhance engagement and customer service capabilities.
Connected devices that monitor heating and cooling, on-shelf inventory, and interactive digital signage are transforming operations and optimizing the way stores are managed. To the customer, these changes and technology implementations should appear seamless. But to the retailer, adopting these capabilities creates many challenges and represents a radically different way of doing business within the store environment.
The Risk Behind the Reward
Retail is prime for fresh ideas and new approaches; the technologies being introduced in brick-and-mortar locations really do help to elevate the customer experience and create an incentive for shopping offline and driving purchase intent.
At the same time, these new technologies and endpoints in retail environments — mobile devices, SaaS applications, kiosks, IoT, mobile point of sale, and Wi-Fi — offer an expanded attack surface for bad actors to exploit. And, alarmingly, many store networks rely on outdated on-premises hardware models that introduce single points of failure and open the door to vulnerabilities, malware attacks, breaches, and just about every threat the digital age presents.
Omnichannel retail has created a complex security architecture for retailers to manage and maintain on their own, leaving traditional defenses outdated and ineffective. This is exacerbated by the fact that many new technologies, particularly IoT devices, have not been designed with security in mind. As a result, many new in-store technologies have increased the complexity that IT teams must manage and created unruly security environments to tame and control.
Consumer-driven technologies and rising expectations will only continue to accelerate change, forcing retailers to rethink long-term security strategies, adopt agile network security architectures, and replace legacy patchwork solutions that heighten risk. According to The State of Network Security report for 2016-2017 from Forrester, 40% of enterprises are upgrading or planning to implement next-gen firewalls within the next 12 months.
Investing in adaptive security architecture, such as cloud-based firewalls, helps retailers keep pace with the rate of change in the evolving retail landscape. Otherwise, legacy defenses may work against you, creating an environment ripe for compromise.
Bolstering Digital Defenses
Considering how much variety exists in physical retail environments and how many new technologies and endpoints have come into play, there is not a one-size-fits-all approach to security. However, there are specific strategies and considerations that all retailers should focus on as they strive to turn current vulnerabilities into strengths:
1. Be mindful of segmentation. Today’s retail environments are full of dozens of new endpoints, and many are vulnerable to malware infections and exploits that can bring down the entire retail network if not segmented properly. The risk is even greater when seasonal and contract employees are added to the mix — remember that threats arise both internally and externally.
Protecting the retail environment begins with retailers securing access methods to the internet from the physical store, especially for IoT devices and guest Wi-Fi systems. They must also properly segment the IoT subnet from employee, POS, and guest Wi-Fi subnets — with separate policies for the internet — while ensuring that in-store devices have restricted communications with only whitelisted IP addresses. This year, 85% of enterprises plan to introduce IoT devices, but only 10% feel confident in their ability to secure them. Make sure you fall into that minority.
2. Cut down on operational complexity. Moving from on-premises hardware models to the cloud reduces management complexity, especially for retailers that operate large store networks but have strained IT resources and limited budgets. With cloud-based firewalls, updating and refining security policies for the various store subnets across the retail network is streamlined, resulting in simplified and more robust security architectures.
The days of retailers managing and patching anti-malware on individual endpoints across the retail network are over. The time cost is too great, and the risk introduced by a single unpatched endpoint is too high. According to Forrester’s Top Cybersecurity Threats In 2017 report, software vulnerabilities accounted for 42% of external intrusion attack methods in 2016.
3. Don’t stop at PCI compliance. While PCI compliance is a critical part of a retailer’s security strategy, it’s a little like making sure a lock is on the front door, but not guaranteeing the door stays bolted shut. Cybercriminals are constantly uncovering new entry points and vulnerabilities to invade your store network outside of the cardholder data environment, with the aim of stealing sensitive company and customer data.
It’s vital for retailers to focus not only on the prevention of cyberattacks within the retail environment, but also on the detection of suspicious and malicious activity. Retailers should implement supplementary security measures beyond PCI compliance to build layers of defense. Next-gen firewalls that offer intrusion protection and detection, web content filtering, and sandboxing enable retailers to do just that.
4. Prioritize threat intelligence. Because retailers cannot prevent all attacks, actionable threat intelligence is imperative: it alerts retailers when devices and network assets have been compromised and are communicating with unapproved or malicious IP addresses, which could be command-and-control (C2) servers and their botnets. Threat intelligence analyzes network communications for suspicious activity and alerts on policy violations and vulnerabilities.
Gartner predicts that by 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. What’s more, Gartner also predicts that by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30% in 2016. The implications for retailers are clear — the time to act and invest in threat intelligence defenses is now.
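The segmentation and allowlisting rules from items 1 and 4, as an added example that is not part of the original article: a Python check over constructed flow records that flags cross-segment traffic and egress from the IoT or POS subnet to destinations outside an allowlist. The subnets, the allowlisted addresses, and the segment_of and audit_flows names are all assumptions made for illustration.

```python
import ipaddress

# Constructed store addressing plan (hypothetical subnets, one per segment).
SEGMENTS = {
    "pos":      ipaddress.ip_network("10.20.10.0/24"),
    "employee": ipaddress.ip_network("10.20.20.0/24"),
    "iot":      ipaddress.ip_network("10.20.30.0/24"),
    "guest":    ipaddress.ip_network("10.20.40.0/24"),
}

# Egress allowlists; segments not listed here fall under their own web policy.
EGRESS_ALLOWLIST = {
    "iot": {ipaddress.ip_address("203.0.113.10")},   # constructed vendor cloud endpoint
    "pos": {ipaddress.ip_address("198.51.100.25")},  # constructed payment gateway
}

def segment_of(ip):
    """Return the segment name an address belongs to, or None if it is external."""
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def audit_flows(flows):
    """Check (src, dst) flow pairs against the policy; return a list of violations."""
    violations = []
    for src_text, dst_text in flows:
        src, dst = ipaddress.ip_address(src_text), ipaddress.ip_address(dst_text)
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if src_seg is None:
            continue  # not sourced from a store segment; out of scope here
        if dst_seg is not None and dst_seg != src_seg:
            violations.append((src_text, dst_text, f"cross-segment {src_seg}->{dst_seg}"))
        elif dst_seg is None:
            allowed = EGRESS_ALLOWLIST.get(src_seg)
            if allowed is not None and dst not in allowed:
                violations.append((src_text, dst_text, f"{src_seg} egress not allowlisted"))
    return violations

# Constructed flow records (source, destination) as a firewall log might export them.
SAMPLE_FLOWS = [
    ("10.20.30.7", "203.0.113.10"),   # IoT sensor to its vendor cloud: allowed
    ("10.20.30.7", "10.20.10.5"),     # IoT sensor reaching a POS terminal
    ("10.20.30.9", "192.0.2.66"),     # IoT device to an unapproved external IP
    ("10.20.40.12", "192.0.2.80"),    # guest Wi-Fi browsing: left to guest web policy
    ("10.20.10.5", "198.51.100.25"),  # POS to payment gateway: allowed
]
if __name__ == "__main__":
    print(audit_flows(SAMPLE_FLOWS))
```

The same policy tables can drive both the firewall rule set and the alerting check, so that a flow the firewall should have blocked is also the flow that raises an alert.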
Innovative technologies help retailers differentiate the customer experience and bring the best of online digital engagement into the store environment. Retailers can build robust layers of defense with adaptive security architectures to better prevent and detect threats or exploits. And within a rapidly evolving omnichannel threatscape, that’s a priority everyone can agree on.
Susan McReynolds is retail strategy manager for Level 3 Communications, where she works with customers, analysts, and industry leaders to keep a pulse on the IT trends and challenges facing today’s omnichannel retailers. Before joining Level 3, Susan worked with leading national and global athletic brands to develop custom visual merchandising programs.
Lifeway’s merchandising gets a new plan
Lifeway Christian Stores’ shoppers’ needs differ from store-to-store — a factor that pushed the chain to revamp its merchandising processes.
For the specialty retailer, this has meant pursuing macro- and micro-localization strategies. From the macro level, the company still wanted to manage assortments that deliver a consistent brand experience – not only in terms of the products offered, but also in how they are stocked and presented.
However, as customers’ expectations continue to change, Lifeway knows it is paramount to cater to local tastes and preferences.
“No longer can universal assortments or even cluster-level assortments alone satisfy all of a local store’s customers,” said Bill Crayton, the retailer’s VP merchandising. “Micro-localization enables those at the store level who know their customers the best to influence the product assortment and presentation.”
However, an aging, customized merchandising system couldn't support this endeavor. The 12-year-old system managed several million store/SKU combinations — and mostly through manual and spreadsheet-based processes. Meanwhile, order quantities were predetermined based on static stock levels rather than dynamic sales trends — practices that limited its ability to meet unique store-level assortment needs.
Lifeway was in need of a modern solution that could provide a ‘single version-of-the-truth’ across the enterprise, driven by calculated store-level sales data. It also wanted a solution that could allocate and replenish merchandise based on sales trends at individual stores.
“We didn't want manual intervention,” Crayton said. “We wanted a forward-looking forecasting process that was easy to use and had all the science built-in.”
The specialty retailer added a software-as-a-service merchandising solution from Relex that centralizes the planning process and supports localized store-level intelligence. All users now view information from a store/SKU level, and have visibility to actual and forecasted sales, available inventory and merchandise allocated to pending orders. It also allows the retailer to set or adjust merchandising and inventory allocation parameters on a store-by-store basis.
“The solution also includes all e-commerce sales, inventory, and orders,” Crayton explained. “By integrating e-commerce performance into the solution, we are able to manage stores and online buying through one team, not two.”
Lifeway went live with a large selection of products by August 2016, and began rolling out the solution chainwide “as we entered the holiday season last year,” he added. “We didn’t have any major issues, and everything actually worked very well.”
First, Lifeway focused on macro-localization by centralizing assortment plans, clustering stores together and varying assortments within store groups. Dynamic store replenishment levels and parameters were set along with store-level forecasts and order points. A forward-looking demand forecast can also be shared with the company’s publishing arm and external vendors.
To embark on micro-localization, the solution infuses store-specific intelligence into the process, including assortment-specific requests, significant sales trends and special event awareness. For example, the solution helps store managers to promote local authors, who tend to sell well in their areas. Additionally, stores frequently host events that may require a one-time increase in inventory in specific items relevant to an event.
Further leveraging the solution, Lifeway is adding a mobile application that enables store managers and associates to engage with merchandising plans. Using store-specific customer behavior data, managers can add merchandise to their store’s assortment plan, and adjust their store’s minimum presentation stock. The mobile solution will increase the communication and collaboration between the centralized planning and store teams, and ensure that each store’s customers are better served and important in-stocks are maintained, according to the retailer.
Since adding the solution, Lifeway is better managing store-level inventory and assortments, “which has allowed us to improve inventory turnover, lower clearance inventory, manage markdowns and see margin increases,” Crayton said. “The solution eliminated past manual work and streamlined the ordering process.”
Lifeway is also planning to apply the solution to its promotion planning and forecasting processes. “We are working with Relex to leverage their forecasting solution to improve our promotion planning and ensure we have the products where they need to be when customers are ready to buy,” he added.
Best Buy to restructure its tech army
Best Buy's Geek Squad is undergoing some changes.
The consumer electronics retailer is eliminating about 400 Geek Squad positions, the StarTribune reported. The affected jobs are on the Geek Squad’s covert team, employees who mostly work from their own homes to provide remote technical support. The work will be outsourced to a third party, according to the report.
“Affected agents will have a job, if they choose, with similar pay and responsibilities,” Best Buy spokesman Jeff Shelman said in a statement. “We very much want to keep them and are working hard to do that, especially because we currently have nearly 1,000 open jobs.”