Internet of Risks: Security Challenges of Connected Devices

Innovation has exploded in the retail space, with the rise of connected devices and the Internet of Things (IoT) driving major transformations in the way people live and work. With wide scale industry development and demand, the connected retail market is projected to be worth $53.75 billion by 2022.

The huge potential for IoT in retail isn't going unnoticed, with the industry investing heavily in leveraging this new technology. Amazon.com, for example, recently announced its new Amazon Go smart grocery stores, an exclusively IoT shopping environment with no cashiers or checkout lines. The Amazon Go store is only the first of many more iterations of this technology to come.

With enormous growth expected for IoT, it will evolve to become an essential part of customers’ retail experiences as well as retailers’ business operations. The technology possibilities of IoT are limitless, but they pose major security risks for consumers and retailers alike. In October 2016, hackers were capable of shutting down popular websites including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix by infiltrating connected devices like security cameras. The hack is only a preview of attacks to come stemming from this new technology. With potential access to customers’ payment information, the retail environment is a prime target for hackers looking to continue to exploit connected devices.

Attacks on customer information can be devastating for retailers. Before incorporating IoT technology into their stores, retailers must understand the risks involved and take action to prevent criminals from taking advantage of this new technology. Below are four steps all retailers must take to protect their business operations as well as their customers’ information.

Verify Built-in Security Features Before Purchasing

Nearly all IoT devices offer some sort of convenience for either the customer or retailer, which can help boost bottom lines. However, what they do not all promise or deliver is strong security features. Before a retailer decides to purchase an IoT device or system, they need to carefully consider the in-device security features of each in order to make an informed purchase and avoid incidences that could prove costly to resolve down the line.

Ensure Software Update Capabilities

When purchasing a device, retailers need to consider more than just built-in features. For example, they should look for software update capabilities. Outdated security features enable malware to spread with ease throughout IoT devices. Obsolete security features allowed cybercriminals to launch botnet attacks on thousands of Mirai in-home Wi-Fi routers in Europe, leaving users without internet until the vendor was able to issue a bug fix. Although this attack was on a consumer device, it can happen in the enterprise environment. Unlike the average consumer, retailers can and should use their influence to demand longer maintenance terms and mandated security patching and testing within their contracts.

Understand the Accompanying Software

Part of the appeal of IoT is the “set it and forget it” type of operation — i.e., once a device is set up, it doesn’t require further maintenance. However, this makes IoT attractive to criminals because they can easily run malware on connected devices without the retailer knowing until after the damage has been done. It's important to understand the software that accompanies the hardware in order to discern if there's malware or applications running on the connected devices. This will help facilitate quick action in the event that hackers infiltrate a network.  

Secure Vulnerable Inventory Entry Points

IoT has immense benefits on the supply chain side of retail, but with them come great threats. By constantly communicating with supply sites, tracking devices allow for automatic reordering when they sense shelves have reached a certain inventory level. Although convenient, the devices are simple by design, and they often lack security features or threat detection. With constant communication to servers and scarce protection measures in place, a hacker could easily hijack the devices and send an oversupply of inventory. Retailers must ensure that these devices are connected to encrypted frequencies to safeguard their communication from the control of criminals.

More and more retailers are investing in IoT, understanding the value of this new technology in streamlining their business operations, enhancing customer experiences, and improving their bottom lines. However, with this great potential comes great risk. Failing to carefully consider each device and the threat it could pose can result in breaches, expensive legal troubles and a tarnished brand reputation. With cybercriminals eager to exploit, responsible IoT implementation is not just smart, it's the only viable way for the retail environment to stay competitive while providing a safe customer experience.

 Chris Ensey is the chief operating officer of Dunbar Security Solutions.