Brick-and-mortar retailers are standing at a crossroads – the intersection of innovation and security. Amid all the disruption happening in this sector, retailers also face significant security threats from both the cyber sphere and inside their physical stores.
The good news is that retailers don’t have to pick just one road at the expense of another. In fact, they can blaze their own trail by finding a balance between innovation and security. With sharp strategies and today’s security technology, executive decision-makers can have both.
Here are two considerations for retailers looking to strike that balance.
1. Focus on your employee experience – empower them, securely
Smart, well-trained employees are absolutely critical for a successful retailer, but they can quickly become a major security threat. In a 2016 study, the Ponemon Institute found that 68% of insider-related security incidents were caused by careless or negligent employee or contractor actions.
Security executives should take a closer look at their employee experience strategies to ensure that associates have the digital tools they need to succeed while protecting the enterprise at the same time. Enabling them with the right technology will help increase retention, and keep both employees and your customers happy. As such, they should be trained to interact with it in the safest way possible.
Also, in-store applications and processes need to be designed around the way associates work to make them feel empowered. Whether it’s enabling extended aisle for customers or handling transactions at the customer’s side, applications should be created in conjunction with and tested by employees. Simultaneously, security executives need to create guardrails within the applications and processes to protect associates from unintentionally creating a security threat.
The bottom line is this: Retailers won’t succeed by locking down employees and their devices in an attempt to safeguard the network. They’ll win by inspiring associates to engage with intelligent technology, which will help mitigate the chances of a network exposure.
According to the 2018 Cisco Cybersecurity Report, 82% of companies seek more integrated solutions. But how you integrate the technology matters, as multiple vendors can mean vulnerabilities and gaps. To reduce the threat, retailers should be cognizant of not using too many vendors and products in order to reduce complexity.
2. Security is foundational – better understand retail vulnerabilities and protect yourself
The chief security officer role has quickly become one of the most challenging and rapidly changing jobs within a retailer. Why? Because when retailers want to invest in digital technology to innovate, they look to the CSO to make sure it does not expose the company to new security risks.
In fact, the Cisco Cybersecurity as a Growth Advantage report shows that 69% of companies say they are reluctant to innovate if they are not able to mitigate all their cybersecurity risks. But if they include a seat for CSOs at the C-suite table, retailers can ensure they have the necessary platform to discuss the organization’s security requirements while also making the business case for new technology investments.
CSOs know that today’s network security strategy is no longer black-and-white. They can’t simply leave part of the network open while walling off another.
With the retail environment now dynamic in nature, customers and associates need access to resources, as do vendors and business partners. For example, manufacturers that install interactive in-store displays need to access them via the network to update content – opening a potential vulnerability. Or deploying emerging technology such as smart shelves makes it clear that CSOs are dealing with an ever-evolving landscape of potential threats.
To adjust, CSOs’ strategies and the tools they choose to support them are becoming more adaptive and intuitive. The technology exists to monitor the entire web for developing threats and leverage that information to help networks learn to protect themselves. This not only reduces the need for human monitoring and intervention, but also decreases the time required to mitigate a problem.
In our experience, we’ve seen the timeline to resolve an issue condensed from 100 days to one day (or less) because an intuitive network can “self-heal.” Such a network can address a problem like a ransomware attack before it becomes an enterprise-wide crisis.
Retail CSOs can also explore complementing their security strategy with robust services for assessments to receive data regarding specific vulnerabilities. These assessments can help the retail organization better understand options for cybersecurity insurance policies for mitigating losses associated with any potential breaches.
For advanced protection, they will need to consider a wide range of security functions such as next-generation firewalls, intrusion prevention systems (IPS), secure access systems, security analytics and malware defense, to name a few.
Armed with solutions like this, CSOs can effectively partner with the business to ensure innovation comes to retail environments without the cost of reduced security.
Amit Chetal is Americas retail sales lead - digital transformation at Cisco and Derek Dykens is retail business development manager, Americas Industry Solutions Group.