As IoT Expands Into Retail, Cybersecurity Risks Rise

By Zachary Amos, Features Editor at ReHack

There isn’t just one Internet of Things — there are many. A soft-drink factory might have its own IoT, while a high-rise office building might have another. Residences might have one, too.

The most visible IoT innovations — smart lighting, appliances, and sensors — apply to retail. This industry is also its own beast. Here’s a look at some of the most value-adding opportunities for IoT in retail, along with a warning. As the IoT moves deeper into retail management and shopping, risks grow with it.

How Is IoT Used in Retail?

Microsoft found that around 87% of retail companies already consider connected technologies vital to their success. Here are some examples of IoT tech being deployed throughout retail, e-commerce, and warehousing.

1. Beacons

Beacons interface with guests’ smartphones using Bluetooth as they approach or explore a retail store.

These beacons are small pieces of hardware placed throughout the space. They react to customer movements, demographics, and other data to provide directions, personalized product recommendations or promotions, or perform other services.

2. Inventory-Tracking Systems

The processes of handling and sorting incoming goods, stowing them accurately, and knowing when cartons or bins are empty are all highly prone to errors. IoT facilitates automation that reduces mistakes during inventory counts and product handling:

  • IoT inventory-tracking systems use radio-frequency identifier (RFID) or near-field communication (NFC) tags to get and keep facility “eyes” on every product, from dock intake to final shipment.
  • IoT supports inventory awareness in distribution, e-commerce warehouses and retail stores.

When a retail employee grabs the last of a particular SKU from stock shelves, IoT sensors could flag this automatically and facilitate a reorder.

3. Fleet Management and Telematics

Small sensors in shipping cartons and truck trailers are more cost-effective than ever and deliver their ROI in peace of mind. Many factors — from truck speed and current ETA to environmental and traffic conditions — can affect the shape and arrival of freight bound for warehouses or products en route to retailers.

Market forecasts predict IoT warehouse management will be worth more than $19 billion by 2025.

Bringing IoT into the mix adds proactivity to fleet and supply-chain management. The IoT gathers all these disparate data points and presents them in dashboards to facilitate greater coordination. If supply-chain data indicates an emerging bottleneck, decision-makers have a greater body of knowledge to call upon.

The result is faster reactions to emerging events and better long-term planning.

What Are the Cybersecurity Risks in Retail?

Other IoT innovations already improving customer and vendor experiences include fully automated checkouts, storefront sensors to enhance staffing and store coverage, and even robotic greeters, cleaners or stock-pickers. However, these internet-connected technologies make retail operators and customers more susceptible to cyberattacks.

The smart fitting room is the most complete and compelling interpretation of IoT’s role in retail. The concept is becoming a reality in higher-end retailers, and it’s bound to catch on with mass-market stores as the technologies improve. A smart fitting room can:

  • Silently let sales staff know when fitting rooms are being used.
  • Use RFID or NFC to track merchandise as it enters and leaves rooms.
  • Utilize digital mirrors to project the clothing item onto the shopper so they don’t have to get undressed.
  • Provide discreet communication between shopper and staff — such as if someone needs the same item in a different color or fit.

The possibilities extend beyond the store’s walls. A shopper might see a style or color they like in the smart mirror — and automatically place an order for home delivery if that variant is not in stock.

What does all this connectivity do to the store’s cybersecurity threat surface? Here are just some of the points of potential failure:

  • Fitting-room sensors are susceptible to hacking.
  • POS and self-payment systems can be defrauded.
  • In-store networks may be compromised and leak customer data.
  • NFC tags may be rewritten or manipulated.

One of the most famous examples of an IoT cybersecurity failure in the real world is the Target data breach. Vendors of the retail chain’s smart air-conditioning system revealed in 2014 that hackers used its internet connection to infiltrate records and steal customer data.

Not all the IoT technology in retail with customer ramifications even needs to be directly involved in the shopper experience to become a threat.

How Retailers Can Answer Key Cybersecurity Challenges

The cybersecurity threats in retail go by familiar names. They include:

  • Network infiltration: Retailers need networking technology to provide POS functionality and support the IoT’s other use cases. Without the right protection, these networks are vulnerable.
  • DDoS attacks: This is where hackers take control of fleets of IoT devices and flood the target organization’s network with requests to render it useless.
  • Ransomware: Retailers are woefully underprepared for ransomware attacks, where hackers seize intellectual property in exchange for a ransom.

An incredible 44% of retailers surveyed experienced a ransomware-based attack in 2020.

A full cybersecurity strategy is required to protect the vast amount of payment and personal information stored by retailers, even small businesses. The essentials include wireless intrusion prevention systems (WIPS and end-to-end encryption for all traffic.

Additionally, retailers should consider hiring or consulting with a well-reviewed third-party cybersecurity company. They will perform penetration testing to determine hardware or software weaknesses and recommend products that apply cutting-edge techniques, like machine learning, to respond autonomously to new threats or invasions. Vendors should be able to explain exactly what their technology does and how it solves practical challenges.

Securing IoT devices themselves can be difficult. Early versions were not built with embedded security. Thankfully, newer approaches, like cloud-to-chip IoT, help eliminate this barrier.

Staying safe in retail requires the right emerging and proven technologies. At the cultural level, it also requires that retailers engage with the threat with the right mix of awareness, planning and outside talent.

As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.



Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.