Just 18 percent of retail IT security professionals were concerned that point- of- sale devices were being targeted by cyber criminals, and only 20 percent were confident that POS devices were securely configured, according to a survey of 276 retail executives and IT professionals in the U.S. and U.K. Tripwire, a security software provider conducted the survey.
More than a third (34 percent) of retail executives said they were not confident that all of the devices on their networks were authorized, while 18 percent of financial services respondents and 20 percent of energy sector respondents expressed the same doubt.
"There are two primary areas of concern: data and physical actions. The Internet of Things will collect vast amounts of data, and retailers should be concerned about safeguarding what’s collected," Tim Erlin, director of IT security and risk strategy for Tripwire, told eWEEK. "This is a challenge with consumer data today, and the Internet of Things will make it even harder."
Erlin said the second area of concern centers around IoT devices that can affect the physical world.
"We recently saw German a steel mill go up in flames because someone hacked in and disabled a safety control," he said. "There’s no reason that similar attacks can’t occur inside a retail establishment, injuring customers or trapping them."
Only 25 percent of retail executives expected to receive additional budget to support the expanded security necessary to protect IoT devices, and 59 percent of financial respondents and 52 percent of energy respondents expected to receive additional budget.
About 45 percent of retail executives said they were not concerned at all about the security risks associated with IoT devices connected to their networks, while 35 percent of financial services respondents said they are very concerned.
A little more than a third (36 percent) of retail executives said they were not confident that all the devices connected to their networks were running only authorized software.
In addition, just 25 percent of financial service respondents and 32 percent of energy respondents shared the same concern.
The study also revealed that 35 percent of retail IT professionals have inadequate visibility into the security of common devices already on their networks, such as routers, switches, modems and firewalls. More than half of respondents don’t believe they can effectively communicate the security risks associated with IoT devices to the C-suite and corporate board.
"Retailers are just starting to understand the potential advantages of massive data collection through distributed sensors. The Internet of Things has the potential to dramatically change the retail experience by bringing together data about consumers in ways that we’ve never imagined," Erlin said. "On a small scale, we can imagine stores that are more efficient for shoppers and have less wasted product. If we think big, why not imagine stores that dynamically stock product just before consumers arrive, or stores that automatically change their physical layout for specific times of the year or day."