Future technology in retail part two: Take the red pill

14 July 2017

In our previous article we touched on some of the benefits that retailers expect to get from implementing emerging technologies into their business operations and highlighted the myriad security implications that must first be considered. When grappling with complex, interconnected security challenges it often helps to use a framework to measure progress. In this piece, we will explain the three core principles around which retail organisations should build their emerging technology cyber security framework.

The Sky(net) is not falling

First things first, there is a lot for retailers to consider in this area. The integration of new technologies into a business’ core operations always introduces new complexity and potential avenues that attackers could exploit, both of which are magnified in the case of AI, IoT, robotics and drones – i.e. the four of the essential eight technologies that we feel will transform the sector the most (the ‘focal four’ if you like, see the diagram to the right). However, provided security is considered early and fully they need not be insurmountable challenges.

So how do we suggest retailers kick-start their approach to securing emerging technologies?

1.  Ensure your commercial and cyber strategies complement each other

 Emerging technology should be deployed where it can genuinely enhance a company’s market offering, operations and profitability, rather than just because it is the latest trend. Any new technology implementation should be assessed to make sure all factors are being considered, avoiding any unintended consequences to people, society and the environment by taking a responsible approach. Make sure your technology transformation plan is consistent with your wider business strategy and actively considers security opportunities, challenges and risks from the get go.

 Next, test and repeat! Do not try to overhaul everything at once. Establish a security change management process and then test new technology in suitable business segments, learn the security lessons, improve and repeat elsewhere within the organisation. By getting a grip on security early in the transformation you make manageable a challenge that could otherwise become increasingly impenetrable. Allow security to support rather than block innovation.

2.  Understand your data environment and regulatory obligations

 Retail firms that make the decision to go ‘all-in’ on the ‘focal four’ technologies will be handling more data than ever before. A watertight data governance strategy is needed to make sure this increased data volume is being looked after in the right way, considering the following integral elements: 

  • What data is being or will be produced;
  • Where that data is or will be going;
  • Who owns it/should own it and what responsibilities they should have.

Having developed your understanding of your current and/or prospective data environment and the lifecycle of your data, the requisite controls can be installed at appropriate points across that lifespan. In parallel, build a full breakdown of your specific regulatory obligations, or enhance what is already in place to account for changes in your compliance picture. By cross-referencing your ‘data map’ with your legal and regulatory requirements you can develop a systematic, phased approach to ensuring compliance even if your data environment is significantly altered.  

3. Be ready to respond and recover

 After they decide what they hope to achieve through deploying new technologies and how, retailers need to ensure they are prepared for the worst. Existing incident response protocols, crisis management and business continuity plans all need to be updated and tested regularly as you work through the cycles of technology deployment, especially given the expanded range of suppliers and service providers that will need to be included.

 The same is true, perhaps to an even greater degree, of your approach to vulnerability management, which will become more challenging. Lastly, if retailers do not have sufficient internal response capability, whether technically or in terms of manpower, they must augment it with a recognised provider.

 In particular, emerging-tech-focused retailers’ existing approaches to security monitoring will have to be greatly enhanced to deal with the major increases in the volume of data being handled and the speed at which it is moving. Interestingly, AI and machine learning capabilities will actually become an increasingly prominent part of advanced monitoring solutions, helping to address some of the challenges their adoption elsewhere within the business may have contributed to creating.  

Developing an effective response capability is an absolute must. Things can and will go wrong but by planning for potential incident scenarios and tackling them head on when they arise, you can help ensure that the results of your digital transformation efforts are more ‘Iron Man’ than ‘HAL’.  

Promise and peril

Future technologies have the potential to revolutionise the retail experience for both companies and consumers. However, as in The Matrix, retailers must ‘take the red pill’ – recognising potentially painful security realities rather than indulging the illusion of innovation without risk. By building a robust security model from the outset, you will establish a platform you can rely upon as you modernise and transform your business.

John Nugent is part of PwC’s cyber security consulting practice. He is a CREST Certified Cyber Threat Intelligence Senior Manager (CCTIM) and works with retail and consumer and private equity clients throughout the UK and Europe.

 
