Cloud technologies and the IoT have opened up seemingly endless possibilities for the modern retail organisation. Customers have never had as much control over purchasing decisions as they do today, with the ability to make transactions at the touch of a button for goods and services from the comfort of their own homes or on the move. However, the customer data lying at the heart of this frictionless shopping experience presents an ever more attractive commodity to cyber criminals. Attacks are growing in number and it has been reported that in the last 12 months there have been 19 significant data breaches. This presents a major problem for both retailers and customers.

In addition to the immediate disruption and downtime a breach can cause, the damage to the reputation of a business or brand can be lifelong. With GDPR related fines from the ICO now as much as €20m or 4% of an organisation’s global annual turnover, whichever is higher, the resulting combination of the cost of the breach itself, reputational erosion and any crippling fines can be devastating. It is therefore essential that retailers are aware of the steps and procedures they should be following to ensure full data compliance and to guarantee the integrity of their IT infrastructure.

Ensuring full GDPR compliance

It’s vital to ensure that everyone understands the security implications and knows how to respond effectively in the event of a breach. Internally, all teams and departments should have the confidence to raise the alert if a breach is suspected. Externally, companies should look to encourage conversations across the entire supply chain to ensure requirements are effectively met and security risks are adequately addressed.It is a requirement of the GDPR that the necessary steps be taken to guard against attack and protect existing software and systems. Effective cybersecurity lifecycle management of IoT devices, such as network video surveillance cameras, is an example of a measure which should be put in place to help prevent such devices from being compromised, mitigating risk and ultimately maintaining customer trust. Establishing a truly secure retail solution can only be accomplished if security has been analysed at every stage.

Evolving physical systems

For protection of the physical retail environment, the move away from legacy security solutions such as traditional CCTV, which typically sat outside of a company’s IT operation, to the modern cloud-enabled security technologies we see today, allows retailers to unlock a wealth of business benefits previously impossible with analogue technologies. Today’s systems provide far greater accuracy of detection, vastly improved image quality, even in low light, and an array of business intelligence options to aid operations, such as people counting, queue monitoring and stock control. 

The ability to create live security alerts as well as forensic evidence for later analysis allows security teams to be proactive rather than reactive. In addition, the growing use of edge capabilities to process data within the cameras themselves negates the additional time and potential lag associated with continually passing surveillance information back and forward to servers, streamlining and therefore vastly improving operations. 

System vulnerabilities equals vulnerable data

For network cameras being introduced onto an IT network, it’s essential to ensure that they do not become compromised and used as a backdoor to gain entrance to a business’s innermost workings and most valuable commodity; its data. The importance of guarding against system vulnerabilities cannot be ignored and it is therefore vital to ensure that all installed technologies are Secure by Default; built from the ground up with cybersecurity considerations at the forefront, to strengthen system security. In addition, software updates and firmware upgrades will keep the devices protected in line with the evolving threat landscape.

Forging and maintaining relationships with stakeholders is key to establishing a healthy supply chain built on mutual trust and respect. Only by following such an approach can the integrity of systems be fully guaranteed, with trusted vendors and installers working together to ensure that ethical practices are followed, and cybersecurity principles are adhered to. Due diligence should be carried out to make sure that all stakeholders involved in the manufacture, supply and installation of security software and systems understand the importance of keeping security best practice at the forefront of everything they do.

Addressing the ongoing challenge

Retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies. By following procedures around the cybersecurity of IoT devices, and realising the importance of implementing high quality products and services through relationships with trusted vendors and partners, retailers will benefit from connected physical security systems that deliver on the promise of better protection of the business and customer, to effectively mitigate the mounting cyber security threat.


Written by Steven Kenny, Industry Liaison, Architecture & Engineering at Axis Communications.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus