Critical guide published today calls for effective cyber security lifecycle management of IoT devices to improve the security of retail systems and the protection of customer data in a stringent GDPR era.
Axis Communications, the market leader in network video technology, has published its latest whitepaper, Cyber security: the biggest threat to retail which highlights the increasing threat posed by cyber-attacks to today’s retail industry. The paper documents the measures that should be understood by data controllers, loss prevention & security personnel through to heads of operations to ensure the highest levels of security and provide the appropriate education and training for all key stakeholders to effectively mitigate the mounting cyber security threat.
The growth in and use of IoT devices and cloud technologies have opened up boundless possibilities for modern retail organisation across physical and digital platforms. However, customer data is at the heart of a frictionless shopping experience and presents an attractive commodity to cybercriminals, with attacks growing in number on those retailers whose systems are inadequately secured. It has been reported that in the last 12 months there have been 19 significant data breaches[1], which present a major risk for both retailers and customers.
In addition to the immediate disruption and downtime a breach can cause, the damage to the reputation of a business or brand can be lifelong. Furthermore, GDPR related fines from the ICO can now be as much as €20m or 4% of global annual turnover, whichever is higher, and demands that necessary steps be taken to guard against attack and protect existing infrastructure. Axis’ whitepaper creates awareness of the challenges being faced and looks at how effective cybersecurity lifecycle management of IoT devices will help to better manage security and ultimately maintain customer trust.
Download the whitepaper – Cyber security: the biggest threat to retail
“Any organisation that generates or manages personally identifiable information (PII), effectively any data that could potentially identify a specific individual, must comply with GDPR. Establishing a truly secure retail solution can only be accomplished if security has been analysed at every stage. The key is to ensure that everyone involved understands the security implications of a breach and how to prevent one. Collaboration with system vendors, integrators and installers is also hugely important, and conversations across the supply chain will ensure requirements are met and security risks are adequately addressed,” Steven Kenny, Industry Liaison Architecture and Engineering, Axis Communications.
Alongside greater awareness of the need to comply with the GDPR, the Axis whitepaper stresses the importance of looking to guard against system vulnerabilities by working with trusted vendors who can install only those security technologies that are deemed to be Secure by Default. These technologies have been built from the ground up with cybersecurity considerations at the forefront. Technologies that are cyber secure offer peace of mind when connected to a network, and come with assurances that stringent guidelines are followed during the design and manufacturing process. Surveillance camera technology designed and manufactured in this way assures retailers that these security solutions will not be used as a backdoor into the network; such is the risk of introducing non-secured hardware.
Key points covered in the retail whitepaper include:
- Review of cybersecurity challenges – Supply chain attacks, IoT vulnerabilities, the impact of operational downtime
- GDPR, data protection and privacy – Examining the necessary actions to ensure full compliance with the GDPR and DPA 2018
- Video surveillance insights – Understanding how data analysis can inform security and business decisions, and supply chain evaluation
- Managing security effectively – Processes and tools to help the design, development and testing of systems in accordance with cybersecurity principles
- Converged security – A collaborative approach to addressing cybersecurity risks
“The retail industry is deemed the most at risk to cyber threats. It is crucial to find the balance between enhancing the customer experience and maintaining GDPR compliance; providing adequate security whilst not violating customer privacy,” says Graham Swallow, Retail segment lead, Northern Europe, Axis Communications. “While video surveillance systems are a necessity within the retail environment, many organisations have re-evaluated their entire strategy in order to ensure full GDPR compliance. Retailers must be able to rely on technologies that support their operational requirements and address associated risks, while at the same time, supporting IT security policies.”
This whitepaper provides retailers with expert guidance, highlighting the appropriate policies and procedures around the cybersecurity of IoT devices, and reinforces the importance of selecting trusted vendors and partners. Axis is passionate about using technology to help create a smarter and safer world. This is demonstrated by a commitment to helping retailers understand the benefits of connected physical security systems that deliver on the promise of better protection of the business and customer.