Cybersecurity Risks Are Increasing for Retailers

All businesses should implement appropriate safeguards to help prevent a data breach that exposes sensitive information, disrupts operations and opens the door to lawsuits.
Cybersecurity Risks Are Increasing for Retailers

Cybersecurity is a critical issue for businesses of all sizes. While data breaches at major corporations tend to capture the big headlines, small and medium-sized businesses are potential targets. Unfortunately, hackers often see these businesses as easier targets because of their lack of resources and security expertise. All businesses should implement appropriate safeguards to help prevent a data breach that exposes sensitive information, disrupts operations and opens the door to lawsuits.

“When a business suffers a data breach, the fallout can be tremendous. A single breach can trigger a variety of financial damages, including lawsuits, repairs, public relations and expenses related to data breach notification,” said Nathan Oland, senior national account executive for Federated Insurance.

Oland shared several practices truckstop and travel plaza operators can implement to help keep the risk of data breaches low. Read Fight Hackers at Your Travel Center with Cybersecurity Best Practices for his tips.

Accenture’s Cost of Cybercrime Study reported that 43% of cyberattacks are aimed at small businesses. Greg Buzek, president of IHL Group, said that retailers are facing exponential increases in cybersecurity threats due to the rise in IoT solutions being deployed in retail locations.

“The labor shortage is acute in the U.S. and not getting any better for truckstops or other retailers. The answer to reducing the need for labor and providing added customer service for the consumers is more technology, but that means more opportunities for access from the bad guys,” Buzek said.

As a result, there is a desperate need for a security-first mindset for all of these technologies, whether it is self-checkout, mobile devices, digital signs, special coolers or electronic shelf labels, Buzek explained. “Security is more than just the payment side. Retailers focus so much of their security budget protecting the payment cards, but more is needed to protect your other data,” he said.

During the pandemic, many retailers rushed to roll out new technologies and, as a result, deployed less secure mobile devices. IHL found that one in three retailers admitted that they deployed mobile devices with less security to capture more sales, and 58% said they had a major increase in the number of outside devices that hit their networks. According to IHL Group’s Sounding the Alarm report, retailers that rushed technology purchases were five times more likely to deploy less secure mobile devices.

The most significant cybersecurity threat beyond payment breaches is ransomware. “Ransomware can shut you down,” Buzek said. “This means you not only have to protect your end-points at the stores but also everything at the home office and backups.”

New retail technologies will drive even more need for a security plan. Electronic shelf labels, for example, are expected to see an 800%+ growth rate in the coming years. When deploying ESLs, retailers should embrace several best practices to ensure

information accuracy and mitigate the risk of communication hijacking, IHL reported. These include using unique device identifiers, leveraging encryption in the system and in communications between systems, and properly maintaining and updating firmware at the device levels.

IHL Group’s Store Systems Study found that although security spending is increasing for retail, it is generally tied to overall IT spend growth, which is often tied to revenue growth. Payment-related security alone can take upwards of 40% of the total security budget, leaving other security items lacking.

According to IHL Group’s Sounding the Alarm report, only 61% of retailers consistently use hardware-level security, and even fewer follow all security best practices. Retailers typically use a layered security approach: 69% use a firewall/router for IoT security; 63% use security at the app level; 61% use hardware-level security, and 58% use security software on the device.

Buzek said it is vital to have layers of backups available for recovery. “And there is one thing that is critical when it comes to backups—your backups need to be tested to see if they work,” he said. “There is nothing worse than thinking you are backed up and then trying to recover from a crash or ransomware attack to find that your backups were corrupted or never tested.”

PriceWaterhouse Coopers' 2022 Global Digital Trust Insights Survey found that organizations expect cybersecurity risk to increase, with half of its respondents saying they expect a surge in reportable incidents above 2021 levels. As threats increase, it will become more and more important for businesses to take steps to protect their information and IT systems.

Subscribe to Updates

NATSO provides a breadth of information created to strengthen travel plazas’ ability to meet the needs of the travelling public in an age of disruption. This includes knowledge filled blog posts, articles and publications. If you would like to receive a digest of blog post and articles directly in your inbox, please provide your name, email and the frequency of the updates you want to receive the email digest.