by Jarek Matschey, Director Retail, VMware EMEA
Retail is in a state of reinvention. More than 85,000 retail jobs were lost in the UK alone in 2019 and a third of FTSE 350 CEOs changing, according to Accenture – and trends not specific to the UK.
The point is, retailers need everything in their armory to innovate and identify ways to keep customers engaged – and returning. One of the biggest threats to this is security.
According to the British Retail Consortium nearly 80% of retailers saw an increase in cyber-attacks over 2018. The same report found spending by British retailers on cybercrime shot up from £139 million (in 2017) to £162 million in 2018) – an increase of 17%. Cybercrime is a big problem in retail, and one getting bigger as criminals are spurred on by numerous success stories in which not even the biggest names are safe.
With retailers rolling out new payment processes, digital experiences for customers, and other more immersive enhancements, the need to ensure consumer privacy and protect sensitive business information is critical. But data breaches are inevitable. It is a subject we’ve looked at in our latest Forbesinsight report, ‘Retailers struggle to keep up with cybersecurity threats’.
Retail – the No.1 target for cybercriminals
Shoppers are fickle and once trust is broken, it can be forever. And if there was ever a time retail needs its customers, it’s now. Only this month the global fashion brand, H&M, apologised for data protection breaches, involving the details of employees being stored illegally, which could see the company face a fine of close to US$1 billion. It was also recently announced that the ICO is to fine Dixons Carphone, the parent company behind UK electronics retailers Currys PC World and Dixons Travel, £500,000 over a data breach affecting its point of sale systems that affected millions of customers between July 2017 and April 2018.
Retail represents the number one target for cyber criminals. According to Trustware’s 2018 Global Security Report, the retail sector accounts for 17% of all cyber-attacks. It is particularly vulnerable because retailers routinely transfer vast amounts of money and sensitive data including bank and payment card information.
Little wonder then that security must be built into everything retailers do.
Minimal friction, maximum security
The biggest problem retailers have is data, and protecting it. Today’s consumers expect speed and personalisation. This means more and more information is collected to deliver the experiences they expect and is driving retail touch points to be automated. Consumers want minimal friction. Look no further than the rise in popularity of contactless payments.
More than half of shoppers say they prefer online shopping to in store and that is music to the ears of cyber criminals. This is because a drive to reduce friction and increase automation comes with risk. There is not only more data to safeguard and manage but infinitely more windows for a threat to emerge like; a mobile phone, an IoT device or an eMarketing campaign. Technology itself is far from the only challenge. People and processes too represent potentially open windows or cracks in the system for criminals to exploit.
Our report found the leading threats to retail environments come from issues at the end-user level. Password phishing is the most common, cited by close to one-third (31%) of shoppers. Identity and access issues have also been experienced over the past three years. Social media cyberattacks are also a frequent source of incidents, seen at close to one in four retail organisations
Increasing vulnerability in a hyperconnected mobile world
The situation is no different to the masses of customer data and touch points banks or healthcare operators use, for example. But as consumers we perceive those services differently. We subconsciously expect security checks and and ID verification in those instances. The opposite is true in retail where we want a great shopping experience without hassle while knowing we’re protected.
There are now more devices in-store collecting data on people’s movement or stock on shelves, all of which need protecting. Looking further afield retailers also need to secure the supply chain too. The number of potential vulnerabilities is increasing exponentially in an increasingly hyperconnected mobile world yet there is a huge focus on building connectivity and the exchange of information.
CIO the centre of security
This is why the role of the CIO in defining what the security story is is becoming so critical. This position has to be the one at the helm of the security story and is the most important executive for overall business success in a transformed retail universe. It’s something VMware has looked at in detail in its Forbesinsight report, The retail CIO OF 2025.
The report found that within five years, retail CIOs will be directing complex, global omnichannel strategies as next-generation technologies completely transform the retail marketplace. Already, 79 percent of retail CIOs are primary drivers of innovation for their firms, while 60 percent believe they will be responsible for overall corporate strategy in five years. Getting security right is an essential plank of their remit; who wants a security breach on their watch?
Retail CIOs must simultaneously champion technology change and undergo personal transformations into leaders aligned with business stakeholders and board of directors, capable of navigating through uncertain competitive and technological waters. This means adopting emerging technologies such as artificial intelligence (AI), machine learning (ML), and Internet of Things (IoT), as well as preparing to guide their organisations through enormous cultural shifts arising from deploying these nascent technologies.
The need for built-in security
But, in the here and now, getting security right at a foundational level is equally as critical. From shop assistants’ IoT devices to the in-store wifi, there are so many areas that must be addressed; is the network configured and segmented in the right way? Are all IoT devices protected? Do they have broad base access? Do they use encryption? This is endless because the vast amounts of data and information retailers are now dealing with.
Retail today is about everything being secured across the infrastructure. It is no longer enough to understand where data is. Retailers must know how it is being collected, transferred and what is happening with it on each stage of the journey and every interaction. This means having the right storage that is architectured as part of the infrastructure – it’s about built-in security.
And as our report reveals, today’s security is way too complex and involves way too many products. We believe there has to be a shift from ‘chasing bad’ to ‘protecting known good’ thereby mitigating risk by reducing the attack surface. To do this, security needs to be intrinsic to your environment and aligned to your apps and data.
Prevention is better than cure
Technology and IT is critical to all retail now. Processes, supply chains, digital signage, PoS, you name it. Absolutely every element of the retail landscape requires security. This means getting it right isn’t a bonus or benefit – it’s as critical as the cash in the tills. Get it wrong and retailers will have to content with the ramifications of a breech – from fines relating to GDPR to negative impact to reputation.
But prevention is always better than cure. It is safer and easier to invest in the right security and technology infrastructure upfront rather than try to fix it when it goes wrong. This is where VMware can help.
Please visit us at Let’s Talk Retail for more information about how VMware is working in this sector.