European Retailers’ next big dilemma Cyber & Physical security Convergence

Exploring how European retailers are adapting to cyber and physical security convergence and protecting data

Asset protection will always be a top priority for retailers. However, they are increasingly looking for ways to protect their data as well.

According to a recent Quocirca report, 70% of European retailers admit that cyber criminals have definitely targeted their organisation. 45% of the respondents said some attacks were successful, and 33% of respondents declared that data was, or could have been, stolen. Customer data is not the only thing at risk: employee data, corporate intelligence and even credentials for physical security systems are also in jeopardy.

From system hacks and DDoS attacks to the increased prevalence of ransomware virus attacks, cyber threats are not slowing down. Experts say it is the price of interconnectivity, and an unfortunate by-product born from the Internet of Things (IoT). As more businesses add devices and systems to their network, and outsource services to reduce costs and improve operations, the importance of cyber security is becoming paramount.

Governments are also stepping in to hold businesses accountable. The European Union’s General Data Protection Regulation (GDPR) officially comes into effect on May 25, 2018. The GDPR puts the control of data back into the hands of the customer, allowing them to access their data and decide how it’s used and distributed. The GDPR also specifies that businesses must adhere to specific governance and accountability standards in the processing and protection of data.

In response, retailers are looking at every defensive avenue possible. Many are upgrading their physical security systems, moving from outdated analogue technology to the latest IP security systems. These newer systems provide better coverage and visibility over their operations. Intuitive features allow security teams to watch over and control access to vulnerable areas in stores, warehouses, headquarters or any location where data might be stored.

However, if not properly secured, these very same devices and systems that are meant to protect an organisation could become another source of vulnerability for hackers to prey on. So as cyber and physical security increasingly converge, more retailers are asking how they can better mitigate risks and manage data in accordance with new laws. Here are three best practices that help them do just that.

Top 3 best practices to tackle cyber threats

1. Take an active role in the cyber security discussion

Relying on installers to deploy effective security practices is not enough. And sometimes, IT is too busy to help. Security professionals who take more control in creating and deploying cyber security practices are usually in a better position to mitigate risks. That’s because they understand and know what security measures have been implemented and how these measures help to secure their organisation.

This higher level of accountability and involvement will also be expected of retailers in the very near future. According to new regulations in the GDPR, every company must appoint a data protection officer. This person must be independent from any IT, risk or VP-level functions so that they remain neutral and unbiased in how the business adheres to the regulations.

2. Select vendors who prioritise security of security

While choosing the platform, it’s important to look closely at the vendor’s cyber security policies. Find out if the vendor is forward-thinking in their approach to cyber security, and what measures they take to inform and support their customers in these initiatives.

Also, consider the built-in security mechanisms offered in their solutions. These can include encrypted communications, data protection capabilities, and strong user authentication and password protection. These mechanisms help protect organisations against hackers and other internet-based attacks. They also ensure only those with defined privileges will be able to access or use resources, data and applications.

Retailers might have stores, manufacturing plants and warehouses in various countries through the EU. That’s why choosing a platform that can grow across regions and countries is helpful for many reasons. It gives a retailer the ability to standardise on one solution, across its many sites, while remaining in control from a central location. Coupling this with a health monitoring tool for example, enables security and loss prevention teams to oversee the performance of their many geographically-dispersed systems. For instance, real-time notifications alert operators if there is a server failure or if a device goes offline in any one of the retail locations. They can then quickly identify the cause of the issue, and get things up and running at peak efficiency.

3. Consider the security benefits of cloud solutions

Gradually, bandwidth restrictions are lessening and internet connectivity is becoming more widespread and affordable. Inevitably, this means more retailers will have access to cloud-based applications such as Video Surveillance as a Service (VSaaS) and retail intelligence solutions. And while many still question the security of the cloud, companies are discovering how these solutions can enhance the security of their on-premises systems. They do this by connecting to the cloud services with built-in security mechanisms. For instance, cloud services facilitate system updates and patches. This ensures businesses are running the latest software versions, free of known vulnerabilities.

Top-tier cloud service providers also take responsibility for the risk of threats, and invest significant money and resources to counteract attacks. They deploy global incident response teams who work around the clock to mitigate against threats. They embed mandatory security requirements into every phase of the platform’s development, and they build and maintain unpreceded levels of security at their data centres.

Adapting to cyber and physical security convergence

Following a data breach, recovery and settlement costs can reach hundreds of millions of pounds. And the damage to the affected company’s reputation is often irreversible. That’s why as IoT gains momentum and data laws evolve, it’s going to become even more critical for retailers to strengthen cyber security policies for all their systems, including physical security solutions. Getting more involved in these initiatives, partnering with vendors who guide or support cyber security practices, and considering future cloud applications are all strategies that will help retailers keep data safe, and customers coming back.

Matthieu Seys

Business Development Manager EMEA Genetec.  www.genetec.com