Viewpoint - The critical importance of cybersecurity in securing retail’s future
Axis Communications’ Steven Kenny looks at the measures that should be put in place to protect and support the retail industry in the face of mounting cyber threats.
The risk presented by cybersecurity threats has never been greater.
Mounting global tensions and the rise of disruptive forces such as ransomware-as-a-service, masterminded by a new generation of malicious actors, puts today’s retailer in a potentially vulnerable position.
Retailers retain and exchange vast amounts of customer data together with records of transactions and related financial information, which all present a huge temptation to the cyber criminal.
For any retailer, whether bricks and mortar or online, an attack could have serious ramifications, resulting in everything from operational disruption and reputational damage to severe financial consequences.
Though the world’s awareness of cybersecurity threats has grown, defences do not necessarily keep pace.
Retail organisations have seen a 75% increase in the rate of ransomware attacks over the last year, and 77% of organisations reported an attack in 2021 compared to 44% in 2020.
Retail businesses are understandably eager to embrace the benefits of digital transformation by looking to technology to help them operate smarter. But connected devices represent possible points of entry for cyber criminals.
So installing a device, such as an IP camera, onto a network can leave them wide open to attack in the absence of stringent cybersecurity processes. What action, then, is needed to help mitigate the threat?
Protecting against vulnerability with cyber secure systems
The advancements and benefits to be gained from network-connected camera technology over legacy systems are well documented.
But given the cyber threat, it is critical to ensure that the systems employed to improve security do not themselves represent a cybersecurity risk.
That is, it is not inconceivable that the security companies tasked with protecting a retail business’s people and assets could become the cause of a cybersecurity breach.
When considering the use of network surveillance cameras, it’s imperative that the vendors who provide the technologies can offer guarantees as to reliability.
While introducing any device to a network does not come without some element of risk, the retail business should look to work only with companies that embed cybersecurity primitives into their solutions from the ground up to ensure that the technologies employed are themselves cybersecure.
Intelligent solutions to improve retail operations
As regulators struggle to keep up with the explosion of poor quality IoT devices and the vulnerabilities they inadvertently introduce, retailers must carefully consider who they choose to partner with to deliver their security and business intelligence solutions, and the integrity of these technologies.
For the modern retail business, network cameras - used as sensors - combined with the latest advances in analytics software results in a powerful solution which can unlock an array of business intelligence options beyond security alone.
These include people counting, queue management, dwell times, heat mapping and demographic information - anonymised for statistical use – to improve customer experience while also delivering a competitive edge.
Axis’ own ARTPEC-8 system-on-chip (SoC) further enhances analytics functionality based on deep learning capabilities, resulting in an incredibly powerful security and business intelligence tool.
Of critical importance is that all of Axis’ security technologies are manufactured from the ground-up with cybersecurity considerations front and centre. This helps ensure that there are no vulnerabilities.
Ensuring supply chain integrity and trust
A retailer’s supply chain should be considered within its overall cybersecurity strategy.
If a supplier does not operate its own stringent cybersecurity practices this could cause significant problems because it effectively exposes a point of weakness through which to exploit the retailer’s systems.
Only by working closely with security vendors and gaining buy-in from the entire supply chain can the integrity of all possible points of connectivity be fully guaranteed.
It is a requirement of the GDPR that all necessary measures be taken to guard against attack and to protect software and systems.
Effective cybersecurity lifecycle management of IoT devices is an example of a preventative strategy which should be put in place to help secure devices, such as network cameras, and prevent them from being compromised.
A trusted vendor can help to support in this regard by ensuring that security weaknesses have been identified and mitigated at every stage.
Further, the introduction of NIS2, the next EU data protection directive, will remove the ambiguity around the types and profiles of businesses that need to comply with data protection regulations.
Developed to reduce inconsistencies in resilience by further aligning cybersecurity capabilities, the directive places even greater pressure on the entire supply chain to ensure the highest levels of cybersecurity, or risk fines of up to 10 million EUR or 2% of total global annual turnover.
To effectively protect their business, retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies.
The cybersecurity of IoT devices and implementation of high quality products and services are key to effective mitigation of the cybersecurity threat, delivering better protection of the business and customer and resulting in a smarter, safer world for all.
Learn more about our solutions for retail security here.
Steven Kenny – Industry Liaison, Architecture & Engineering at Axis Communications
Steven Kenny has spent 15 years in the security sector taking responsibility for key elements of mission critical, high-profile projects across a number of different vertical markets.
For the last five years, he has focused his attention on how technology can best complement day to day business operations, specifically addressing operational issues and supporting the A&E consultant community across Northern Europe.
He is the Director of Systems, Information and Cybersecurity for ASIS International – UK Chapter, and is the UK technology advisor for TINYg (Global Terrorist Information Network).
About Axis Communications
Axis enables a smarter and safer world by creating network solutions that provide insights for improving security and new ways of doing business.
As the industry leader in network video, Axis offers products and services for video surveillance and analytics, access control, and audio systems. It has more than 3,000 dedicated employees in over 50 countries and collaborates with partners worldwide to deliver customer solutions.
Founded in 1984, Axis is a Sweden-based company listed on the NASDAQ Stockholm under the ticker AXIS. For more information about Axis, please visit our website.
Continue reading…