Akamai’s 2023 State of the Internet report reveals that retail continues to be the most targeted industry for cyberattacks, with more than 14 billion observed intrusions. The risks from cyber threats such as fraud, account takeover, malware, ransomware, business email compromise, and data breaches all start with the first breach. Devices connected to a retailer’s network, such as smart IoT thermostats, access control sensors, and computers, are all gateways for cybercriminals to access personal data stored on servers connected to that network. There is a possibility that
Because security cameras, access control systems, and automated license plate readers exist to protect people, products, and facilities, they are often overlooked sources of vulnerability. Physical security systems are a common blind spot and a potentially dangerous point. IT and security teams must work together to ensure the cybersecurity of physical security systems against threats.
Common vulnerabilities
Any device connected to the internet is a potential cybersecurity vulnerability. However, some devices have known defects. It can open gateways into your network or inject malware or ransomware into your system.
For example, the National Defense Authorization Act (NDAA) blacklists some brands of surveillance cameras and digital video recorders (DVRs). Those doing business with the U.S. government are prohibited from using these products with known vulnerabilities. These devices are known to be easily hijacked and used by malicious parties, with the potential risk of spreading to other systems within an agency’s network.
A simple tip to reduce your exposure to cyber threats is to follow government guidelines. Include them as clear policy directives in your company’s cybersecurity strategy. Even if you don’t do business with the U.S. government, you can take advantage of best practice advice from its experts by following government leadership on cybersecurity protocols.
Reputable physical security software companies maintain an up-to-date list of vetted and certified partners for cybersecurity. Always choose devices manufactured by trusted vendors approved by industry leaders with strong cybersecurity track records.
Protect your network from cyber breaches
It’s good practice for retailers to regularly audit their network security. Ensure all devices are secure, properly installed, and password protected. Because organizations often add hardware over time, audits can help you learn about your systems, their components, and their vendors.
In addition to equipment audits, retailers should review their cybersecurity policies. Make sure all team members, from cashiers to managers, are aware of best practices to follow. This is not something he can do just once. Cybersecurity threats are continually evolving, and retailers must regularly review and update their strategies to stay ahead of cybercrime trends.
Many retailers find it easier to keep their cybersecurity requirements current by moving to an integrated cloud or hybrid cloud system. This is because software vendors have some responsibility for software updates and patches. A reputable security software company will have dedicated cybersecurity resources to monitor threats, issue recommendations, update systems, and support your team. These help your team respond efficiently and effectively in the event of a breach.
For IT teams, moving to a single unified security platform makes it much easier to manage and upgrade hardware over time. Look for a system with end-to-end encryption and multi-factor authentication to ensure both cyber and physical security standards are met. Choose a vendor that offers flexibility for on-premises or hybrid deployments. That way, you can move to the cloud at your own pace if you want.
Protect your security system
Modernizing security systems can be costly, and these decisions now involve many departments. The system must provide more than just added security. A strong cybersecurity foundation should improve efficiency and scalability across departments.
When all your physical security devices are connected into one unified system, you have a better view of the security of your entire system. A built-in dashboard allows you to easily monitor firmware status and keep your cybersecurity management up to date within one intuitive platform. Combine video surveillance, access control, license plate recognition, intrusion detection, analytics, and more into one interface to help report vulnerabilities.
A unified system also allows you to streamline access rights management on one central platform. Automated security policies and scheduled compliance reviews reduce the workload of security teams while reducing the potential for security breaches due to credential misuse. An integrated software platform supports IT and security teams to ensure data is properly encrypted and only accessible by properly authenticated users.
Ensuring retail safety today means more than installing cameras and securing perimeters. It also means choosing a security system that was developed with cybersecurity in mind from the ground up.
Hardening your security system against cyber threats is not a difficult task to do alone. Cybersecurity is a shared responsibility. Led by IT and security teams, supported by software vendors and hardware partners, and contributed by staff at all levels. By combining efforts, retailers can build a strong cybersecurity posture to protect their products, employees, and facilities.
Scott Thomas is National Director of Signature Brands for a physical security company Genetec. He and his team work with organizations in the retail, financial, hospitality, gaming, and cannabis industries through Genetec’s network of system integration partners. Thomas is a member of the advisory board of Los Prevention Magazine.
