The Australian retail sector is coming off the back of a bumper year and ongoing growth is predicted; however, that growth is far from certain as disruptions from the COVID-19 pandemic continue to put household incomes at risk. [1]
Retailers will need to do everything in their power to remain competitive so that they can continue to capitalise on consumer spending trends that have emerged throughout the pandemic.
Pivoting to digital channels to provide online shopping has helped many retailers survive through this time, and continuing to provide safe, streamlined digital customer experiences must remain paramount. This means retailers need to be aware of emerging cybersecurity threats that could damage those customer experiences, as well as interrupt the business’s smooth operations.
The retail sector isn’t alone in this. Fortinet’s recent Networking and Cybersecurity Adoption Index 2021 revealed that only 39 per cent of Australian businesses feel highly prepared for a cyberattack.
Retailers are an obvious target for cybercriminals because they collect payment card data and other personally identifiable information on customers. Cybercriminals who can access this information can easily monetise the data and engage in identity fraud, use the information to access customers’ other accounts, and significantly damage the retailer’s reputation. The more a retailer operates digitally, the more vulnerable they could be to this type of attack.
Retail organisations currently face four key challenges:
1. More connected devices
Whether in-store or online, retail organisations rely on a plethora of connected devices. In-store, retailers use connected point of sale (POS) systems, Wi-Fi, sensors, cameras, radio frequency identification (RFID) tags, and more. Online, retailers use eCommerce solutions alongside customer relationship management (CRM) and enterprise resource planning (ERP) systems, all of which contain immensely valuable data and must be secured.
With every connected device or endpoint creating another potential doorway into the business for cyberattackers, retailers are scrambling to make sure every device is protected and every door is locked. However, using a separate point solution for each security challenge adds cost and complexity, so it’s important to find a solution that simplifies this.
2. Distributed network expansion
Retailers tend to do business across a range of locations, which means their networks are distributed. Gaining visibility over these sprawling, multifaceted networks is challenging and can’t be achieved using legacy IT tools. Retailers must invest in state-of-the-art, modern network security tools that deliver visibility and control across the entire distributed network with no gaps or blind spots.
3. Explosion of data
Retailers are collecting and storing more data than ever before with the proliferation of online shopping and digital payment methods. Research has shown that, on average, each Australian adult is a member of between four and six loyalty schemes. [2] These schemes collect significant amounts of personal information that can be valuable for cybercriminals. Retailers are responsible for protecting all of this data, which only continues to grow.
One way to approach this is to use a zero-trust security method that requires all users to authenticate their identity before being granted access to systems, and only grants access to users who actually require those systems to do their job. This minimises the risk of unauthorised access and data breaches. Retailers can make this approach even stronger by segmenting the network in a way that keeps payment card numbers away from customer names and other data. Doing this means that, even if a cybercriminal accesses one part of the network, the information they gain will be practically useless.
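An added example, not part of the original article: one way to check the segmentation described above is to treat the allowed network flows as a graph and confirm that no single foothold can reach both card numbers and customer identity data. The segment names, flows and data labels are constructed for illustration.

```python
from collections import deque

# Constructed sample: data classes stored in each network segment.
SEGMENT_DATA = {
    "guest_wifi": set(),
    "store_pos": set(),
    "ecommerce_web": set(),
    "payment_gateway": set(),
    "card_vault": {"card_number"},
    "crm": {"customer_identity"},
    "loyalty_db": {"customer_identity"},
}

# Constructed sample: allowed flows as (source, destination, authenticated).
# Default deny: any flow not listed here is blocked.
ALLOWED_FLOWS = [
    ("store_pos", "payment_gateway", True),
    ("payment_gateway", "card_vault", True),
    ("ecommerce_web", "payment_gateway", True),
    ("ecommerce_web", "crm", True),
    ("crm", "loyalty_db", True),
    ("guest_wifi", "store_pos", False),
]

def reachable(start, flows):
    """Segments an intruder in `start` could reach by following allowed flows."""
    graph = {}
    for src, dst, _auth in flows:
        graph.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def audit(segment_data, flows):
    """Return (footholds reaching both data classes, unauthenticated flows)."""
    combined = {}
    for seg in segment_data:
        reach = reachable(seg, flows)
        classes = set().union(*(segment_data[s] for s in reach))
        if {"card_number", "customer_identity"} <= classes:
            combined[seg] = sorted(reach)
    unauthenticated = [(s, d) for s, d, auth in flows if not auth]
    return combined, unauthenticated
```

With the sample data, the audit reports `ecommerce_web` as able to reach both data classes and `guest_wifi` to `store_pos` as a flow that skips authentication; removing the `ecommerce_web` to `crm` flow clears the first finding.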
4. Insider threats
People are the weakest link when it comes to security in the retail sector, because employees can make innocent mistakes or a disgruntled employee could deliberately expose data. Usually, the insider threat arises because employees aren’t well trained to identify potential cyberthreats and stop them in their tracks. For example, a phishing email that instructs an employee to click on a link and re-enter password details can compromise the retailer’s entire network but, if the employee has been trained not to click on those links, then the risk is not as great.
With this in mind, retailers should invest the time and resources required to sufficiently train staff members to recognise potential malicious attacks and avoid falling victim. It’s important to note that a single training session is not enough; people require regular communication and reinforcement to internalise security messages and modify their behaviour.
Retailers need to ensure strong customer experiences and protect their own reputations by securing their networks. This will help ensure that networks perform strongly and support business growth.
Jon McGettigan is regional director for Australia, New Zealand, and the Pacific Islands at Fortinet.