Retail is going to face a range of rapidly changing and evolving technologies and customer habits in the year ahead. Here Malcolm Murphy, Technical Director, EMEA at Infoblox takes a look at some of the hot buttons you may need to press come January.
Retailers, ecommerce pure-plays and most customer-facing businesses and brands have been faced with a decade of rapidly changing technologies and, as a result, huge shifts in consumer behaviour. 2020 isn’t going to see that slow down… so what are you going to be up against in the year ahead?
1: Embedded video in connected devices will take security threats to another level
As technology advances, the threat landscape is only going to grow in both volume and complexity. The rate at which badly-behaved devices are connecting to networks is going to be the biggest problem. Research from IHS Markit projects there will be as many as 30.7 billion IoT devices in use in 2020, which is expected to more than double to 75 billion by 2025 - this explosion of smart devices on the network only widens attack surfaces.
I strongly suspect that video cameras in IoT connected devices, such as video doorbells and embedded cameras in smart speakers, will be the next big threat to the network due to the richer information sets they hold. Since these devices are collecting more and more data, they are becoming increasingly interesting targets for hackers, so that data is at a higher risk of being compromised. Despite this risk, security is still not being prioritised by manufacturers in the design of smart products, so until this is addressed, we’ll continue to see breach levels rise.
2: ‘Zero Trust’ still won’t be a reality
Despite the hype, no one is actually doing “Zero Trust” yet. Putting the infrastructure in place to enable organisations to verify anything and everything trying to connect to their systems before granting access is a really hard thing to do, as we can’t easily layer it onto existing technology at scale.
As it stands, we’re nowhere near being able to implement the Zero Trust concept at a cost-effective level, and this is unlikely to change in 2020. This approach will remain difficult, expensive and inconvenient. I think it will take a catastrophic event or new regulation to make organisations invest in Zero Trust; it won’t happen on its own.
3: We can no longer assume everyone is coming through the drawbridge, and need to secure the castle accordingly
Compared to the midyear of 2018, the number of reported breaches was up 54% in 2019 and the number of exposed records was up 52%, according to a report published by Risk Based Security. Networking is changing, and security has to change with it. As new ways of networking come to light, so do new points of vulnerability. For example, an organisation may have assumed it was routing everyone through a drawbridge, but now it’s added several windows, doors and bridges. Assuming that everyone still comes through the front door, despite all of these new points of access, makes you vulnerable.
It’s easy to go down one security path but not step back and consider the wider, changing needs. In 2020, organisations will need to stop and re-think their approach to network security based on the changes they have made to their infrastructure over time.
4: Smarter stores will create friction for retailers
A big driver of network security for retailers is smarter stores, which leverage in-store tech and networking through interactive screens, electronic shelf labels and more to improve in-store customer experience. Retail is, however, as hostile and unsophisticated an environment for IT as you can imagine, thanks to low budgets and outdated, legacy systems.
Retailers are used to assets having an incredibly long lifetime; point of sale systems, for example, are a big investment made to last years. This mentality will create friction between legacy technology and the push for smarter stores, and security investments are likely to fall to the bottom of the list. This conflict in mentality, alongside lower footfall as more consumers favour shopping online, is going to be an issue for retailers trying to improve in-store customer experience in 2020.
5: CSOs are playing a rigged game
Many CSOs will lie awake at night worrying about their organisation’s security. The fact is, it’s unlikely to be a question of “if”, but a question of “how”. While CSOs are fighting a constant battle against the breach, it’s almost as though they’re playing a game that is rigged against them.
It’s hard to maintain a proactive mindset knowing that the likelihood of a breach is high. To minimise the burden, CSOs need to get buy-in from the wider leadership team from the outset, and manage expectations that even with the best will in the world, hacks can’t always be prevented.
According to IBM’s 2019 Cost of a Data Breach Report, data breaches cost organisations a staggering $3.92m (£3.04m) on average. I expect that, as we move into 2020, more business leaders will come to recognise that earlier involvement of cyber security experts can help avoid a major data breach, which could derail plans, cripple production operations, or worse, cause a total loss of trust in the brand.
6: All the latest technology won’t save you if you leave the front door unlocked
When it comes to security, more isn’t always better. Even with state-of-the-art security, hackers are still one step ahead. Old-fashioned ransomware still wreaked havoc in 2019, which old-school protection could’ve prevented. For those using technology for good, it’s not necessarily the tech you deploy, it’s how you deploy it.
Those that continue to be pre-occupied with the latest shiny and new technology in 2020 will put themselves in the firing line for security breaches. Before you look at purchasing the latest upgrade, think about getting the most out of what you’ve got and ensuring the basics are done right first.
Threat hunting is a proactive way to help you get the most out of your existing systems and understand which areas are vulnerable. Looking at how you share and enrich this threat data and context across multiple technologies and how this data informs other security tools is also key. If you have two security tools working well, they will almost certainly work better if they are integrated and share data.