Mar 11 2024

How Retailers Can Reduce the Security Risks of IoT in Retail

Operational technology assessments can help retailers overcome the challenge of expanding surface attack areas as Internet of Things integrations extend to OT networks.

Editor's Note: This article was originally published in February 2024 and has since been updated to reflect the most current information and industry trends.

Retailers are beginning to routinely integrate Internet of Things assets into enterprise management systems. IoT use cases in retail include everything from supply chain optimization to inventory management and even predictive equipment maintenance.

The global IoT retail market — valued at almost $42.5 billion in 2022 — is expected to grow at a compound annual growth rate of nearly 28.5 percent through 2030.  IoT is at the intersection of IT and operational technology, so these integrations are naturally extending to OT networks. While this brings with it myriad new capabilities, it also gives rise to new security concerns.

Every IoT asset that integrates with an OT network is a new entry point for attackers to exploit. Retailers’ IoT devices are generally vast in type and number, meaning that the entry points for cyberattacks increase exponentially. So, it’s in retailers’ best interest to explore OT assessments.

Click the banner to learn about the comprehensive IT solutions modernizing the retail experience.

What Is an Operational Technology Assessment and Why Is It Useful?

Cybersecurity assessments are a standard practice, but they sometimes focus overly on IT. There’s long been a disconnect between the rise of maturity in IT networks and what have been comparatively dormant OT networks. An OT assessment changes this focus.

As the name implies, an OT assessment addresses an organization's IoT/OT security risk, positioning it better to handle malicious attackers. Through it, organizations can better understand their current OT landscape, from the number of IoT assets connected to the environment and the baseline expectations of those assets to events that must be monitored and triggers for “problem events.” An assessment then determines a roadmap of how to address security gaps going forward.


The percentage of operational technology organizations that reported at least one intrusion in a 12-month period

Source: Fortinet, “The State of Operational Technology and Cybersecurity Report,” May 2023

Fortinet’s 2023 State of Operational Technology and Cybersecurity Report notes that 3 out of 4 OT organizations experienced at least one intrusion over a 12-month span. Such a roadmap can prove particularly useful to retailers, especially considering the ramifications of an OT intrusion. 

According to McKinsey, “OT cyberattacks tend to have higher, more negative effects than those in IT do, as they can have physical consequences (for example, shutdowns, outages, leakages, and explosions).” In fact, of the OT cyberattacks publicly reported in 2021, “approximately 35 percent had physical consequences, and the estimated damages were $140 million per incident.”

DISCOVER: How can operational technology assessments help bridge the IoT divide?

How Can an Operational Technology Assessment Help Retailers?

Between the in-store and online experience, retailers use a wide variety of IoT assets, such as smart shelves, smart mirrors, radio-frequency identification tags and beacon technology. It’s part of how they elevate in-store experiences and improve omnichannel commerce. An OT assessment can be particularly advantageous for retailers because it ensures that operations run efficiently and that all points of integrated tech work together.

This kind of review can also help retailers identify cyber vulnerabilities, particularly as they expand their digital attack surface. A report by Trend Micro notes that 30 percent of retail IT and business leaders cite too many tools and vendors as one reason that it’s difficult to manage security; 40 percent say it’s spiraling out of control.

UP NEXT: The future of IT and digital transformation has arrived.

Left unchecked, this problem can escalate. But an OT assessment can help contain cyber risk. CDW offers a multipronged approach including detection, definition, decision, deployment and defense to help retailers review their IoT/OT security posture.

DSCimage / Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.