3 Non-Obvious Cybersecurity Vulnerabilities Retailers Need to Be Aware of and How to Defend Against Them
Over the past several years, the retail industry has seen no shortage of challenges. There are some bright spots, however, especially when it comes to new innovations in remote shopping experiences, digital investments, and online capabilities that have enabled retailers to stay ahead as consumer shopping behavior evolved.
But while these expanded digital capabilities allowed retailers to strengthen their business resiliency and maintain day-to-day operations when the world went remote, they also created more complexity and risk. And bad actors are taking advantage, with online and web attacks doubling to 43 percent, and email compromise scams surpassing 1.8 billion. Online scams aren’t the only vector for attacks. Retailers also must address the non-obvious (but just as critical) vulnerabilities. Here are three retailers need to be aware of as well as best practices for defending against them:
1. Emerging Tech With IoT Sensors and AI
To fuel consumer demands for speed, convenience and personalized experiences, the adoption of Internet of Things (IoT) and connected devices expanded rapidly. In fact, according to a study by Research and Markets, the "IoT in the retail market" is expected to reach a value of $177.90 billion by 2030. All of these connected devices (e.g., supply chain robots, tablets, checkout kiosks, etc.) create multiple new endpoints in a retailer’s network, which can be difficult to manage and secure. Additionally, many IoT devices may pose as low-hanging fruit opportunities for attackers, with over half ( 57 percent) of IoT devices being vulnerable to medium-or-high severity attacks.
Additionally, emerging technology such as artificial intelligence can bring great benefits, but they can also be exploited. For example, the use of ChatGPT can provide enhanced personalization, and the use of AI can provide better inventory management, price optimization and, ultimately, better customer service. But bad actors can exploit these tools for their own advantage — e.g., leveraging ChatGPT to create personalized phishing attacks or using AI tools to provide speech synthesis capabilities which can impersonate people.
Luckily, retailers can also use emerging cybersecurity tools with AI to enable stronger and more comprehensive security systems. For example, to efficiently manage new endpoints created by the use of IoT devices, AI and machine learning can be used to automate threat detection and response. By automating security operations, retailers can quickly identify and address potential threats without the burden of manually sorting through hundreds, if not thousands, of potential risks.
2. Software Supply Chain Attacks in the Cloud
Cloud, as we all know, can be a great advantage for retailers for speed of deployment, providing an agile, cost-effective platform for e-commerce growth during holiday season shopping and enhancing the customer experience through a flexible omnichannel platform. However, with all this code in the cloud, retail developers are under attack. According to Gartner 2025, 45 percent of organizations will have experienced attacks on the software supply chain, a three-fold increase since 2021.
Retailers must secure all aspects of the cloud throughout the whole lifecycle, from the build, run, to the deployment phases. Shift left security is critical to avoid vulnerabilities. Doing so will enable development teams to drive faster digital innovation in a secure environment.
3. Seasonal Employees
While store associates are valuable in managing customer interactions and transactions, they can also pose a security risk to a retailer’s network. Unfortunately for the industry, retailers often experience high employee turnover rates due to seasonal or temporary employees. This ever-changing workforce can create new risks with the potential for employees to fall victim to scams, or act as bad actors themselves by taking advantage of a retailer’s valuable data and information for nefarious purposes.
Educating employees on how to practice safe cyber hygiene is one of the most important ways to strengthen a retailer’s security posture. Additionally, it's critical to follow the principles of a Zero Trust security approach by limiting employee access to valuable data and information as well as enabling multifactor authentication processes to verify and protect identities.
End-to-end security is vital to a retailer’s ability to meet customer expectations and drive business growth. By being aware of these cybersecurity vulnerabilities, retailers can take proactive action to strengthen their security posture and, ultimately, secure their success.
Amit Chetal is vice president, retail, Palo Alto Networks, a leading cybersecurity firm.
Related story: E-Commerce Cybersecurity Trends to Watch in 2023
Amit is the Global Director for Retail and Hospitality at Palo Alto Networks. Amit specializes on how cybersecurity fuels transformation for retailers and hoteliers across the world. Some of the focus areas include secure store transformation, cloud security, IOT security, and SOC automation. Amit is an experienced sales leader with extensive background in the retail and hospitality industries. Amit spent over 17 years in Cisco, where he was the Head of Americas Retail Sales. He has extensive experience working on large digital transformation projects, with clients from enterprise to commercial, building a strong portfolio of solutions working with ecosystem partners, and providing industry thought leadership.
He is active in organizations like the National Retail Federation and National Restaurant Association. Amit has a Master’s Degree in Computer Science and Engineering from Penn State, and a Bachelor’s Degree in Economics and Business from UC Berkeley.