It is almost impossible not to be painfully aware of the security challenges facing major retailers. In just the past few days the Target data breach grew in scope and level of malevolence, and upscale retailer Neiman Marcus revealed it also has been under attack. There is also the rampant speculation in the security industry that these revelations are actually just the tip of the iceberg, and more large retailers are in the bad guy cross-hairs.
With the problems of the large retailers hogging the headlines, lest we forget, no retail enterprise of any size is immune from having proprietary customer and transactional data compromised. In fact, as the headline of this article indicates, a new survey from Sunnyvale, CA-based security solutions provider Fortinet, finds that one in five U.S. small and medium businesses (SMBs) in the retailing sector are not even PCI compliant and lack security fundamentals.
If ever there was a wake-up call for retailing SMBs to take a serious look at not just becoming more educated and enhancing security, the survey also pointed to the growing interest in onboarding retailing analytics to better understand and assess customer data and buying decisions.
Time for SMBs to decrease vulnerabilities
The Fortinet survey—based on interviews with 100 U.S.-based SMB retail organizations with less than 1,000 employees—highlights where SMBs stand in regards to compliance regulations, security policies and new technologies that help manage big data and security infrastructure. Along with the sobering news there are also some encouraging findings.
Highlights from the survey include some not so great news:
It almost goes without saying that if bad actors were to exploit the vulnerabilities of those without strong, never mind basic, security solutions and policies, the damage could be catastrophic. SMBs are hardly in a position to withstand the resulting regulatory fines, litigation and the damage to their reputation. In fact, on the last point, the prospect of bad reviews going viral should be reason enough to appreciate the old adage that, “an ounce of prevention is worth a pound of cure.”
On the encouraging side of things, the survey did register inquisitiveness about new technologies that provide better customer insights. It found that more than half of SMB retailers are looking to onboard retail analytics to help them understand purchasing trends and customer behavior in the store. Fortinet, based on its solutions portfolio also inquired about customer interest in next generation security solutions that provide combined physical and network capabilities in a single appliance that could increase visibility, ease management problems and help be proactive as well as reactive in mitigating risks, and would reduce IT costs.
On this front, they found a receptive audience with almost half of respondents saying they were familiar with the technology and either currently use it or plan to do so.
A little more granularity on security—improving, but a ways to go
Fortinet delved a little deeper into SMB security issues regarding the increasingly valuable/invaluable area of Wi-Fi. Again this is good news and indications of a need to improve practices. Findings included:
A look ahead, what SMB retailers are looking for
There are a few other insights of note from the survey.
There was also significant interest (59 percent) in retail analytics that can utilize Wi-Fi enabled smartphones to capture shoppers’ data. Of that 59 percent, 75 percent are either actively utilizing these analytics or have a strong interest in them. Interestingly, only 25 percent say that would not use such capabilities because they believe it is an intrusion on their customers’ privacy.
“This survey was eye-opening for us. Despite looming threats and stiff compliance penalties, more than a fifth of SMB retailers are still not PCI compliant, while many are falling short of security best practices like password safety,” said Patrick Bedwell, vice president of product marketing for Fortinet. “The survey also confirmed that – as with larger retailers – SMBs have a strong interest in big-data analytics, as well as standalone products that incorporate both network and physical security capabilities within a single appliance. Our new connected UTM appliances with Power over Ethernet are certainly a step in that direction in that they allow a business to manage multiple PoE devices through our FortiGate interface. These solutions can include, but are not limited to, PoS devices, IP phones, IP cameras, wireless access points and digital signage.”
While admittedly anecdotal to some degree because of the sample size used in the survey, this is not to minimize the messages it highlights for SMB retailers and vendors in the space. The first is that when it comes to security size does not matter. The protection of customer and company data is just as if not more important for SMB retailers as it is for large enterprises. Second, the SMB retailer is an under-served market in terms of providing retailers more actionable insights about their in store customers. And, while an activity where proceeding on capturing more and more information needs to be done with caution. However, as part of efforts by SMB retailers to improve their customer experiences and use that as differentiated value in their competition with bigger entities, this is an area of interest for SMBs and opportunity for vendors.
SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…
Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …
In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…
In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…
To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…