By Tom Callahan, PDI Software
Over the past year, COVID-19 drove c-store operators to accelerate their technology strategies and adopt contactless payment, home delivery, and curbside pickup. Of course, that was in addition to deploying a multitude of other edge devices like POS systems, tank gauges, digital displays, self-service kiosks, and more.
While all these connected technologies certainly made shopping easier for consumers and management easier for operators, there was a tradeoff. C-stores are now increasingly vulnerable to cybersecurity threats.
Let’s look at some of the reasons security should be a top priority for retailers this year and the steps they should take to defend against an attack.
Mobile Adoption Continues Its Upward Climb
First, c-stores are increasing their adoption of mobile payment technology to offer consumers additional and convenient ways to pay beyond using cash. According to the Global Consumer Insights Survey 2020, 45% of consumers said they were using their mobile phone last year more as a shopping channel since the COVID-19 outbreak. In addition, the 2020 Global C-Store Shopper Report stated that 39% of respondents said they used their loyalty program’s mobile app to pay for purchases. And, last year, many c-stores continued to offer consumers the option to pay with a private label debit through their mobile devices.
Lastly, increased mobile adoption of mobile will only continue as 5G technology offerings expand. While this new technology combined with better performance—including faster speeds, more data capacity, lower latency, and precise location sensing—has significant implications on the c-store customer experience, it also presents new security risks.
Hackers Are Ramping Up Their Efforts
As retailers were trying to keep their store shelves stocked, consumers happy, and businesses going, hackers were trying their best to exploit their weaknesses. VMWare released the results of its first cybersecurity threat survey last year that showed 92% of respondents in the U.S. said the number of cyberattacks had increased in the last 12 months. A supplemental survey specifically found that a staggering 89% had been targeted by malware directly related to COVID-19. So why did this happen last year and why were c-stores a target?
The National Association of Convenience Stores (NACS), lists data breaches and payment security at the top of the list of “major issues affecting the convenience industry.” After malware attacks, data breaches at major convenience store chains often go unnoticed for months, by which time huge amounts of sensitive customer data are either compromised or stolen.
In addition, as many c-stores embarked on a complete digital transformation last year, they also became more exposed to hackers with the increase of network edge devices. With so much more business activity happening at the network edge, there was far greater potential for configuration mistakes and human error. As a result, retailers must ensure that their security measures account for this higher risk exposure.
How C-Stores Can Reduce Their Security Risk
In 2020, the U.S. government designated c-stores as essential businesses. A year later, retailers are still on the front lines grappling with how to best serve their customers and address the security implications of these ongoing market disruptions. The truth is most security risks can be mitigated by taking a few simple steps.
First, become a hyper-adaptive business. To do this, c-stores will need a technology infrastructure that’s flexible and resilient enough to allow for the unexpected. Retailers should also consider SD-WAN technology along with Managed Detection and Response (MDR) services that can provide ongoing visibility to hackers and unwanted attacks. SD-WAN technology can reduce the number of network devices and connections needed at each remote site, while significantly lowering network complexity, cost, and risk. And MDR can provide a more cost-effective, individualized approach to securing an otherwise vulnerable business infrastructure across the entire supply chain.
What To Expect
Many IT operations teams last year couldn’t possibly cover the full cost, deployment, and staff needed to securely overhaul c-stores and implement a total digital transformation required to support customers during the pandemic. There were a lot of lessons learned, and this year, deploying the necessary security technologies to protect both c-stores and consumers should be the top priority for the industry.
The industry is continuing to experience major shifts. Consequently, 2021 will likely be the year that c-stores begin to heavily invest in security solution platforms and rely on vendors with the expertise to help them scale, reduce risk, and protect their data and assets.
About The Author
Tom Callahan is Director of MDR Operations at PDI, following its recent acquisition of ControlScan Managed Security Services. Tom has spent more than 15 years in information technology and security, focusing on areas like cloud services, cybersecurity, and infrastructure and operations. Find Tom on Twitter at @tomtheitguy and here on the PDI blog.