The rise of more complex and digitized supply chains is leading to an uptick in risks.
Supply chains and retail landscapes are getting more digital, but not all companies are adapting.
In fact, too many seem to be turning a blind eye.
In a survey from the 2023 Convenience Store News Technology Study, only 38 percent of respondents called improving data security a top business priority.
As we enter 2025, the new year presents an opportunity for convenience store leaders to learn more about the key cybersecurity threats and what can be done to mitigate them.
The Supply Chain is the Priority
As supply chains become more complex and digitized, bad actors are seizing on opportunities for cyberattacks — and there are many more than most retailers realize.
Consider the recent discovery of vulnerabilities in automatic tank gauge (ATG) industrial control systems (ICS).
Researchers revealed critical vulnerabilities in six ATG systems from five vendors across critical infrastructure, including retail and hospitality.
Should attackers exploit these vulnerabilities, they could gain control of ATG systems to disrupt fuel supplies, leading to physical, environmental and financial harm.
Looking into 2025, risks like these will only multiply.
To become more resilient in the new year and beyond, convenience store executives and store owners must turn their attention to supply chain risk management, specifically vendor risk management.
In recent years, there’s been a steady increase in attacks originating from third-party vendors.
Once bad actors have compromised a supplier’s network, they can use it as a foothold to gain access to retailers’ systems, making way for data breaches, credential theft, ransomware, malware, etc.
Of course, retailers cannot simply stop working with much-needed suppliers.
Instead, to shield themselves from cyberattackers, retailers should ramp up vendor risk management.
This may mean adding cybersecurity requirements to vendor contracts to outline security measures vendors must uphold (e.g., data encryption, access controls, etc.).
Additionally, teams should conduct regular risk assessments to screen vendors for potential cybersecurity risks.
Resources are available for vendors who need some assistance in developing a more robust cybersecurity posture, such as LinkSECURE, a program for small- to mid-sized vendors and service providers that have limited IT or cyber resources.
Beyond vendors, retailers need to pay greater attention to the supply chain as a whole.
Increased supply chain visibility empowers retailers to understand not only what but who makes up the supply chain — and what their weaknesses are.
Again, regular auditing and monitoring processes are helpful as they allow staff to identify visibility gaps, uncover weaknesses and find areas for improvement.
Don’t Neglect New Tech
The supply chain is indeed a big source of cybersecurity threats for convenience stores, but there are plenty of other threats closer to home.
Consider self-checkout kiosks.
While self-service registers may bring new efficiencies for store owners in the name of faster, cheaper operations, they also introduce new cybersecurity risks.
These kiosks handle large volumes of sensitive customer information every day, which gives cyberattackers plentiful opportunities.
Phishing attacks, where bad actors rig kiosks to prompt customers to enter personal details to “create” an account, are just one nefarious example.
But even without duped customers, self-checkout counters still pose risks.
Because they’re connected to a store’s network, they’re another point of entry for attackers to target and infiltrate.
Retailers face cyber threats beyond the shopfront, too.
As the electric vehicle (EV) market continues to expand, convenience stores are “uniquely positioned” to host EV charging stations.
This is a service many customers will appreciate, but cyberattackers will, too.
Like self-checkout kiosks, EV charging stations are often connected to a store’s network, giving bad actors another entry point through which they can exploit network vulnerabilities to gain access and inject malware, deploy ransomware, steal sensitive data, etc.
Once again, third parties create challenges.
Many store owners rely on third-party providers to manage their EV charging stations.
But if these providers have cybersecurity weaknesses, they can open the door for attackers to infiltrate retailers’ networks via charging stations.
So, convenience stores will need to be vigilant when implementing new technologies.
Above All: Train the Staff
What are convenience stores to do in the face of rising cybersecurity threats?
Perhaps above all, retailers should make cybersecurity training the priority of 2025.
When educated about cybersecurity risks and bad actors’ tactics, staff can better detect and deflect threats on the job.
Many executives, however, make the same mistake: creating cybersecurity training that is too technical (and dull) for non-IT staff.
Instead, store owners should tailor cybersecurity training to the non-techie’s point of view by providing real-world examples of cybersecurity risks, eliminating dense jargon and engaging staff in diverse practice activities.
Cyber risks will only worsen in the next year, with threats from the supply chain, third-party vendors and new technologies creating a dangerous landscape for retailers.
One of the best lines of defense is education: training staff to understand the risks and arming them with the knowledge to respond safely to threats, in 2025 and beyond.