Simon Whitburn
Senior Vice President Cyber Security Services
The retail sector is undergoing profound change. Nowhere is the opportunity presented by digital innovation arguably more apparent than here. In fact, Accenture claims that the industry will change more over the next decade than it has over the past 40 years as businesses scrabble for a potential windfall of nearly $3tn in operating profits. Yet, as the firm argues, the proliferation of data-driven technologies also exposes retailers to a greater risk of cyber attacks, primarily targeting customer data.
“Over the next decade, as different technologies play increasingly prominent roles, investing in data security will be non-negotiable table stakes,” it claims. This is where DNS-based security can help retailers differentiate by improving incident detection and response.
A digital revolution
The opportunities for innovation and growth are great, but so is the scale of the task. Retail is a highly competitive market, with bricks and mortar stores hit particularly hard by Brexit uncertainty, increased rents and rates, and the shadow of online commerce. There was a 37% rise in net closures on the high street last year, the largest in five years. Retailers must balance these challenges whilst appealing to increasingly tech-savvy shoppers who expect seamless customer experiences across offline and online channels.
Retailers are therefore looking to a variety of emerging and already established technologies to help improve the customer experience and back-office efficiencies. These include:
AI and big data analytics: Can help provide trend and volume forecasting at the planning and buying stage, but also personalise the customer experience by offering predictive recommendations.
Robots: Can drive efficiencies in manufacturing and distribution, but also in sales and after-sales, in the form of automated assistants and customer support bots. According to Gartner, a quarter of customer service operations will use virtual customer assistants by 2020.
AR/VR: Can be used in product design, but also in retail stores, to provide compelling virtual demonstrations of products to customers. AR and VR could even be used to improve the quality of after-sales services.
IoT sensors/tags: The Internet of Things offers a huge range of potential benefits to retailers, from sensors that automate the process of reordering, to tags which help to improve supply chain efficiencies, and smart lighting, shelves and automated checkouts in-store.
Beacons: First introduced by Apple in 2013, these Bluetooth devices send alerts to nearby shoppers, including discounts, reminders and other marketing messages. Analysts estimate 500 million beacons will be deployed by 2021.
Cloud/mobile: Retailers are already investing significantly in cloud platforms to reduce the cost of data storage and computing, support omnichannel experiences, inventory optimisation, personalisation, price management and more.
Facing down threats
However, for retailers to capitalise on these innovations to drive greater agility and growth, they need to properly manage cyber risk. As more and more data-driven systems come online, the attack surface grows. Retailers are exposed via unsecured IoT endpoints, cloud platforms, e-commerce sites, supply chain partners and multiple other points of weakness. In fact, some of the biggest breaches ever recorded affected retailers, including Target (110 million customers), TJX (94 million) and Home Depot (56 million) in the US, and most recently, Dixons Carphone (10 million) in the UK.
A great way to proactively manage these mounting risks is to focus on DNS. This mission critical part of the IT infrastructure converts domain names to IP addresses so that humans and machines can find each other online. Without it, simple tasks like web browsing would be nigh-on impossible. However, because it was designed with usability rather than security in mind, it’s a favourite target of hackers.
There are several ways it can be exploited in attacks: by changing the answers to queries stored in DNS servers, hackers can redirect users to malicious sites to download malware or phish them for sensitive information. They can also take advantage of the fact that DNS traffic is usually whitelisted by firewalls, encoding stolen data in packets before smuggling it out of the company.
However, through solutions like Nominet’s NTX platform, retail IT teams can fight back. NTX analyses large volumes of DNS traffic and is capable of spotting the tiniest signs of malicious activity in real time — automatically blocking attacks before they’ve had a chance to impact the organisation.
That’s the kind of reassurance retailers need as they embark on the next phase of digitally driven growth.
