Retail in Asia

In Trends

Study: Security costs for retailers increase without adequate controls

Without adequate controls to manage store systems and the increase in number and variety of devices retailers can expect security costs to continue to increase rapidly, a new report by McAffee and the IHL Group revealed.

The report was based from an anonymous survey of senior retail and hospitality executives that discussed their strategies to meet PCI compliance and security for their retail systems.

Among the findings is that as IT constantly evolves, security must also evolve, and often times much more rapidly than the devices they are tasked with protecting.

McAfee said the ability to tightly manage the enterprise is a big driver in managing security and controlling costs. Security confidence can be closely tied to the device variability within the store, increasing the number of devices is a key driver around introducing significant complication around the ability to secure the store environment.

“The retail storefront has gone through many changes over the last decade, but one thing that hasn’t changed is that customers are looking for a seamless and positive shopping experience,” said Greg Buzek, President at IHL Group. “Customers want to be able to buy, fulfill and return anywhere. When done right, the introduction of mobile devices within the store can help enhance the customer experience but comes with expanded risks.”

As a result of these changes in retail, two significant events have occurred: the increased sharing of information among more and more types of devices (with either LAN or wireless connections), and the need to be able to share information wirelessly within the store. Additionally, there’s the advancing sophistication of the criminal element looking to compromise retailer systems along with ever evolving PCI compliance requirements.

In the category of retailers that have more than $1 billion in revenue, the survey found that there is an equal split amongst retailers using a whitelisting approach as compared to antivirus.

The study revealed that retailers have a good understanding about PCI compliance, but they struggle when the amount and variety of store systems increase to provide the proper security and compliance management. On average only 22 percent trust the manufacturer to provide security.