Traditional retailers have a strategy to fight back at the market share erosion they are facing from the success of online-only leaders, it’s called “Omni-Channel.” Deloitte Consulting defines it as, “a customer-centric experience that seamlessly connects a company’s digital and physical stores and allows buyers to sample and purchase merchandise via a variety of mediums, including in store, online and mobile.”
It makes a lot of sense. But as retailers expand their online and network based customer interactions to blur the lines between traditional, in-store retail and online retail, they will exponentially increase their exposure points and opportunities for security breaches.
And as we have unfortunately seen too many times, retailers are already under attack and struggling with cyber security: the top 5 retail breaches of 2014 alone exposed a collective 495 million customer accounts, and 2015 saw 523 security incidents in the retail sector, 164 with confirmed data loss.
We see three major security risks of an omni-channel strategy:
- Protecting multiple points of exposure. Expanding security from today’s infrastructure of a limited number of point of sale terminals and employee computers to multiple mobile POS devices, sensors, employee smartphones, in-store beacons, workstations, and tablets on the corporate network, will increase exposure points and risk exponentially. In addition, transactional data that moves from online to in-store and between in-store devices, creates many more points of entry for cybercriminals.
- Enhancing security visibility and policy enforcement. Deploying new technologies and point products will make it more difficult for IT departments to get a clear and comprehensive view their security posture. More points of delivery means a more complex information supply chain. Likewise, the need to interact with and manage many vendors can create additional risk and introduce devices that are not longer “owned” by the retailer.
- Addressing new, device-specific malware. As recent history with POS devices has shown, cybercriminals will develop malware that is device-specific. As new omni-channel devices become part of the retail IT infrastructure, malware will emerge specifically targeted to exploit vulnerabilities unique to those devices.
Omni-channel simply will not succeed if consumers are worried about who is accessing their data or, worse, if a major breach erodes years of hard-earned brand trust.
Omni-channel requires omni-security – a security posture that is always on, that is pervasive across all devices, and that can be easily managed. Together, omni-channel and omni-security can transform the shopping experience.
Click here to view the iSheriff white paper, Omni-Channel Needs Omni-Security
 (Robinson, 2014)
 (Verizon, 2015)