While greater use of connected devices is essential to retail’s future, ongoing automation and significant IoT growth create a larger opportunity for cyber-attacks, data breaches, and theft, crimes that are already on the rise.
Indeed, notes Margot Juros for IDC Planscape, as of June 2022, cyberattacks continue to be on the rise: “The number of IoT devices employed globally is growing quickly and forecast to reach a total of over 40 billion devices by 2025. Retailers in particular are expected to increase spending on IoT solutions to reach over $84 billion by 2025, according to IDC forecast.”
IoT devices can carry a notable level of vulnerability due to the wide range of roles they play across networks to support the supply chain, building management, and retail operations. This translates to a greater threat surface or space across which potential vulnerabilities can be identified.
Without a reliable security management system (either in-house, if one can afford to have their own dedicated team, or via a third-party consultant/service provider), covering all those IoT devices will prove difficult to say the least. This is particularly true if an organization already needs better cybersecurity infrastructure.
Having a high-speed network helps provide fast, low-latency visibility across your data infrastructure. With the price and availability of services such as 5G fixed wireless solutions, it’s a no-brainer to make sure your speeds are up to snuff for smoother operation.
Continues Juros, “...more than 50% are piloting or are in production with IoT use cases for automated checkout, traffic analytics, real-time inventory visibility, and queue management... IDC estimates that the number of connected IoT devices worldwide will grow to 35 billion by 2023 and to almost 42 billion by 2025.”
That’s the why: the growth of IoT device adoption has increased that aforementioned attack surface tremendously (Juros cites a recent NRF survey in 2021 in which some 57% of retailers reported an increase in organized retail crime). But what is involved in IoT cybersecurity when it comes to an actual response?
As with all security, IoT security starts with awareness and official recognition of the problem, followed by highly proactive planning: an action plan focused first on ensuring visibility and a thorough understanding of one’s systems (both in terms of capabilities and vulnerabilities).
From the start of this process through to the realization of a detailed security plan, C-suite and other departmental leadership involved in areas such as loss prevention, retail operations, supply chain efficiency, and even (or especially) employee training need to be directly involved.
These are the key players in organizing the institutional awareness of security vulnerabilities and best practices that is part and parcel of a secure data infrastructure at any organization, let alone a multinational retail corporation.
The ‘human’ element remains commonly cited by IT and cybersecurity professionals as the top threat vector; in other words, the fact that people make mistakes is the single greatest source of security breaches: that suspicious email that was opened, that one-in-a-million scam attempt that works, and so on.
Yet, what does security mean for IoT devices specifically? Let’s return again to the basic problem: IoT devices are increasingly ubiquitous and provide a wide range of functions. Businesses must approach security with an emphasis on visibility into devices, paired with security systems, protocols, and practices that are flexible enough to respond to emergent threats.
In terms of that flexibility, one can leverage IoT sensors (so long as they aren’t too old to meet modern security standards) to detect your organization’s IoT device IDs. Yet achieving this flexibility across such a wide area is understandably a notable challenge.
You also have to worry about whether the IoT devices you use are, again, up-to-date, but also able to run the security software your organization adopts. This requires a team that knows the IoT device and cybersecurity world intimately.
Yet, be assured that these and other vulnerabilities can be overcome. Again, it’s first of all about that visibility, but you must also have or retain a posture of astute vigilance, awareness, collaboration, systems knowledge (knowing what to look for) and, to tie all of that together, the training to match, notes Juros in the IDC report.
That’s why it is important to have that cybersecurity plan in place before you purchase new IoT devices (whether you are in the middle of your digital transformation or have found that your existing IoT devices just didn’t cut it).
You also need to examine your existing capacity for that training, hiring, and monitoring that goes into proper cybersecurity. Does your business have the capital to make those investments, or do managed services make more sense? This is a serious consideration in a retail world that increasingly leverages third-party management for microservices and other key functions.