Retailers get an IoT wake-up call

The recent Distributed Denial of Service (DDoS) attack that infected internet of things devices should serve as a warning to retailers that are investing heavily in IoT tech this holiday season and beyond.

According to Khera, while IoT technology remains exciting and is creating tremendous opportunity for retailers looking for ways to fight Amazon, there are simply a lot of unknowns that have yet to be addressed. “What retailers need to do is look at entire infrastructure from endpoint to gateway, to the point of communication and the back-end server where data is transmitted, and come up really with an overall infrastructure policy on IoT,” he says.

The future of IoT security

Gartner Research predicts that by 2020 there will be 25 billion connected devices worldwide — and these IoT devices are less protected than traditional computer platforms, says Capgemini’s Oz Deally, who emphasizes that IoT involves “computers that can execute code and be enlisted in the bot army.” Retailers need to make security the highest priority, as hackers are already staking out their attacks with these vulnerabilities, he explains. “A typical IoT framework, at a very high level, consists of edge devices like sensors, adapters and beacons; a gateway to communicate with these devices; and a back-end server in the cloud or on-premise,” he says. “Retailers need to take each section separately and start addressing security issues for each, before it’s too late.”

Before purchasing IoT devices and technologies, the CIO or CISO should also be assured that the manufacturer is taking responsibility to secure them as much as possible, from installation and service management until retirement, says Deally.

For the retail CIO and CISO, there are budget issues at play that can keep IoT security on the back burner, cautions Khera. “Management will say, ‘You’re crazy, I can’t give you all of this money,’” he says. “That’s part of the problem — I recently was part of a roundtable with CISOs who said they had not moved on securing IoT and mobile apps, even though they know attacks are coming, because a lack of a visible attack and a lack of regulation doesn’t exist to help them get budgets approved.” That will likely change due to the highly publicized Oct. 21 attack, he says.

However, there is still a long way to go in terms of retail IoT security, he adds. By the end of next year, retail organizations may not yet be much farther along than where they are today in terms of building the cybersecurity defenses required to handle the needs of IoT. “The security controls are complex and costly, and the economic model has to shift to where cybersecurity is viewed as one of the mitigating measures to substantial risk to the retail company in terms of their digital future.”
