For most businesses, the physical store is just as dependent on the IT system as the online website, which presents a potential problem.

Physical stores are increasingly reliant on Internet of Things (IoT) devices such as stock checkers, smart shelves, predictive maintenance equipment, and more. Physical security devices such as CCTV, video surveillance, and alarm systems are often connected to the internet and the scope of these devices makes them vulnerable to cyberattacks.

Hexnode founder and CEO Apu Pavithran discusses the major blind spots when it comes to IoT security, what retailers need to consider when undertaking technological transformation, keeping trust in check, balancing IoT adoption and customer experience, as well as the future of IoT adoption and its impact on security.

Major blind spots of IoT security

The issue with many IoT devices is that they often lack a proper security framework, which makes them an easy target for hackers, according to Pavithran.

“While manufacturers handle the security blind spots in their devices, it is equally important for retailers to stay equipped against the growing security threats. There’s no doubt that, currently, most of the IoT devices are logged into the cloud for storage and sharing of data. However, with so many devices connected to the cloud, retailers could lose track of them all, leaving them susceptible to attacks,” he told Retailbiz in a recent interview.

“We know that retail giants like Ikea and McDonald’s are a few of the many ransomware victims of 2022. Unfortunately, these attacks can often be traced back to a lack of basic security measures. For example, many companies still use legacy passwords and inefficient encryption techniques. When it comes to IoT, privacy concerns have always been a threat and the retail sector is no exception.”

Retail devices often collect a lot of sensitive customer information including behaviour, preferences, movements, and financial details; yet many vendors are still using age-old passwords to secure their devices and point-of-sale systems. “If companies do not opt for stronger authentication and device management mechanisms, these concerns will always remain a blind spot for retailers,” Pavithran said.

Security factors to consider

Many bricks-and-mortar and online retailers operate in tandem, employing a variety of technologies, such as cloud-based e-commerce platforms and point of sale systems in stores. However, this hybrid model increases the number of cybersecurity threats for e-commerce, warns Pavithran.

“While considering a highly scalable digital transformation, the retail industry faces security hiccups due to software vulnerabilities, cloud-based botnets, Near Field Communications (NFC), lack of point-to-point encryption (P2PE) in POS systems, and the use of insecure third-party plugins,” he said.

“One of the key difficulties for retailers is finding a balance between security and operational effectiveness. Retailers need to make sure that their security measures don’t interfere with routine business operations or unnecessarily disrupt customer experiences.

“Retailers need to balance operational effectiveness with strong security measures. This can be done by installing security solutions made to operate smoothly with current processes and operations, as well as giving staff members in-depth training to make sure they are aware of and capable of adhering to policies and standards.

“Invest in a unified endpoint management solution that can detect, analyse and respond to new breaches or attacks and secure diverse devices and vulnerable endpoints. This would also include regular data backups, implementing Multi-Factor Authentication (MFA), performing security updates and patches, and implementing Zero Trust (ZT) measures.”

Keeping trust from customers in check

Retailers are accommodating a growing array of mobile devices, including Bring Your Own Device (BYOD) setups, and incorporating enterprise devices like kiosks, barcode scanners, and IoT devices. As a result, managing the enrollment, provisioning, locating, tracking, and securing of these devices has become more complex, according to Pavithran.

“In addition, there is a pressing need to ensure a consistent user experience across the enterprise and its expanding range of heterogeneous supporting environments. Amid these changes, the Mobile Device Management (MDM), Unified Endpoint Management (UEM), and Enterprise Mobility Management (EMM) markets are evolving to meet these new requirements, but this progress has led to confusion among end users,” he explained.

“Establishing trust in these systems involves employing practices such as monitoring, generating reports, diagnosing and resolving device and user-related issues, maintaining a complete record of configured email accounts on registered mobile devices, identifying password policies and encryption settings, detecting and restricting jailbroken devices, and tracking and remotely locking or wiping devices in case of theft.”

A UEM solution like Hexnode helps monitor device connectivity, uptime or downtime, and the performance of kiosks. MDM solutions facilitate the deployment, management, and security of both in-house and third-party apps. “Retailers can assign mandatory apps to be pushed to all devices while blacklisting potentially harmful apps to prevent their installation on managed devices.”

Balancing IoT adoption and customer experience

To improve customer experiences, bricks-and-mortar retailers have a range of tools at their disposal, including digital signage, IoT-enabled stores, cloud connectivity, mobile POS systems, NFC technology, and analytics.

“However, to fully leverage these technologies, retailers must first establish trust with their customers regarding payment security and data privacy,” Pavithran said.

“This can be achieved through transparency, strong security measures, and the use of analytics to personalise the shopping experience. The integration of cybersecurity with IoT technology is also important to ensure the protection of connected devices and systems.”

The future of IoT and its impact on security

With increasing pressure to keep up with consumer demands and quality service, the dependence on IoT has been boosted within the retail sector, according to Pavithran.

“It’s anticipated that as IoT expands, so will the security threats posed by these devices. IoT devices will be subjected to attacks on various IoT layers that span both the physical and cyber aspects. This increased risk of IoT security breaches is expected to drive the adoption of regulations and standards for IoT devices,” he said.

“For instance, the European Union has already introduced the Cybersecurity Act, which establishes a cybersecurity certification framework for IoT devices. Moreover, there will be a stronger emphasis on security in IoT product design, deployment, and management. With a greater understanding of the IoT lifecycle, many stakeholders are more likely to collaborate. The industry will also adopt new technologies, such as blockchain and artificial intelligence, to help address security risks associated with IoT devices.”