Data science is blending with emerging technology to create the ultimate customer experience. While these innovations are turning the fantastic into reality, there are hidden risks that lurk behind such new technologies. Booz Allen's commercial retail experts provide cybersecurity guidance for retailers in this new digital world.
1. Commercial Solutions
RETAIL
REALITY CHECK
The Risks and Rewards of the New Digital World Order
Booz Allen Hamilton Commercial Solutions combines
industry knowledge and relevant experience with the right
people and technologies to reduce risk, improve safety,
and increase profitability for your business. Together, we
can enable you to thrive today, tomorrow, and beyond.
2. 2
THE FUTURE IS HERE
Data science is blending with emerging technology to create the
ultimate customer experience. Advances—such as facial recognition,
augmented reality, in-store location tracking, and mobile payments—
have intrigued retailers for years but presented challenges because the
ability to truly personalize and automate the customer experience was
missing…until now. While data science is turning the fantastic into
reality, there are hidden risks that lurk behind these new technologies.
As hackers look to take advantage of the personal information retailers
can now collect, knowing the risks and benefits of the new mobile digital
world will help you out maneuver your competition.
Emerging data science techniques are enabling retailers to collect and
analyze information about individual consumers and deliver insights via
targeted customer coupons in real-time, anywhere and to anyone. This
consistent understanding of who customers are, what they want to buy,
and how they want to purchase ties all of these technology innovations
together, opening up incredible new opportunities but also serious risks.
Innovation in the digital age brings emerging cybersecurity vulnerabilities.
With the amount of information retailers are now able to collect about
individuals, companies cannot separate using new waves of technology to
enhance the bottom line from addressing cybersecurity. Major retailers
need to be proactive in avoiding the crosshairs of potential threat actors
and minimizing risk. Strong brand loyalty and consumer trust is critical to
ensuring retailers thrive. Consumers want to know retailers can deliver on
promises while also protecting their personal information. To do that
effectively, retailers must understand the intersection of innovative
technology, data science, and cybersecurity—and what to do about it.
Figure 1—Strong Cybersecurity Underpins Retail
Opportunities
3. 3
The Rise of Omni-Channel Inventory
Retailers traditionally used different
inventory channels, with online sales
sourced differently than stores. Today,
supply chain and data science advances
are giving rise to “Omni-channel
Inventory,” allowing retailers to seize new
revenue opportunities and enhance
customer experience through dynamic,
responsive integration.
THE MARRIAGE OF DATA
SCIENCE & TECHNOLOGY
Predictive. Adaptive. Personalized. This is the promise of blending data science with emerging technology, and it is the new
mantra of retailers who seek competitive advantage. Savvy retailers are already using social media and mobile applications to
engage customers. Highly innovative retailers, however, are breaking new ground—using data science to tie technologies
together into one seamless, personalized customer experience.
The Segment of One
Marketers used to focus on segments of individuals to target key messages and engage consumers. Now, hyper-
personalization emphasizes a “Segment of One” through data science that provides the ability to gather, analyze, distill, and
deliver vast amounts of information in real time. And hyper-personalization pays off. Data from a Retail TouchPoints 2014
Technology Review shows that marketers who fully implement a customer-centric strategy can generate 15% to 25% higher
sales and improve customer lifetime value up to 500%.1
Retailers can now blend insights from individual
online and in-store purchasing habits to better
understand customers—when they buy, how they
buy, where they buy, preferences using social
media, and past purchases using loyalty
programs—to personalize promotions and tailor
offerings. By matching that information with
technology, such as geo-location and facial
recognition, they can also deliver targeted
promotions to mobile devices.
Mobile devices make in-store shopping an interactive experience as never before, while generating enormous amounts of
data for retailers. iBeacons, for example, wirelessly connect automatically to Bluetooth for in-store location tracking so that
individual customers receive customized coupons with dynamically changing displays that meet their unique needs. Retailers
can provide customers with instant online reviews and allow them to buy items as they walk rather than waiting in line.
Customers can have items sent home or send gifts to family and friends—all in store, from a handheld mobile device. And if
they need in-store help, representatives receive key information that is automatically transmitted, such as the customer’s
name and purchasing history, to provide tailored support. In-store retail associates are also now armed with mobile devices
and kiosks to provide the most up-to-date inventory information for tailored recommendations.
This technological revolution isn’t just occurring in front of the customers’ eyes.
It’s also happening behind the scenes, reshaping the way retailers manage
inventories and supply chains. Data science is taking the just-in-time concept one
step further, providing retailers with real-time inventory management. Retailers
are using a combination of radio-frequency identification (RFID) tags, cameras,
and data analytics to monitor inventory levels within the store aisles. As
customers take stock of the shelves, alerts are sent and new items are restocked,
even before the store runs out of the item. Using mobile technology to track
customer movements and patterns, matched with purchasing habits and even
social media trends, retailers can better anticipate inventory demands for specific
stores that would never had been visible without data science.
1 2014 Technology Preview: Exclusive Predictions from 22 Retail Executives; Retail TouchPoints; 2014
Life me Sales Increase When Applying a Customer-Centric Model
500%
Source: 2014 Technology Preview
Figure 2 — Retailers who focus on customer experience generate 5x more sales
4. 4
CYBERSECURITY IN THE
CHANGING LANDSCAPE
Capitalizing on emerging technologies and data science for a customized “Segment of One” is an ideal scenario for retailers;
however, it also creates an ideal scenario for hackers. Data science yields great power to collect enormous amounts of
information and develop insights about customers, but it also introduces new risk, with devastating impacts if it falls into the
wrong hands. Customer data—the new currency of the digital age—makes retailers a prime target for attacks.
As retailers launch new technologies and apply data analytics, cybersecurity risks increase in several key ways:
1. The attack surface increases exponentially.
Flowing data between online locations, mobile devices, in-store devices, and supply chains increases the opportunity for
attackers to break into systems by expanding the ways in which threats can infiltrate a system.
2. New technologies inherently bring unknowns.
Retailers often don’t identify vulnerabilities until after technologies are launched and are live on the network. Holes,
weaknesses, and unintended consequences won’t often show themselves until after going live with customers.
3. Automation increases the impact of an attack.
The sheer amount of data that systems consume and process necessitates automation. Yet, while automation may bring
speed to business, it also removes the “biological” safety net and allows malware to spread malware more quickly.
Even if attackers do not gain access to specific
financial information, they can use stolen data for
identity theft—impersonating customers to secure
fraudulent credit cards, open fake bank accounts,
or make other bogus purchases. Phishing attacks,
which are a common way to trick individuals into
sharing personal information, can now become
more advanced. With access to customer
movements, hackers are able to customize emails
based on location or transaction history to
increase their perceived legitimacy and, thereby,
the success of their attacks. Other hackers
conduct privacy extortion by holding personal
information for ransom to a retailer or consumer
for a specified amount.
These examples offer a mere snapshot of the ways in which hackers can exploit retailers and customers if they obtain this
critical information. The recent cybersecurity breaches of large, well-known retailers demonstrate the increased vulnerability of
the retail industry. Both physical store locations and online stores are now at risk.
5. 5
Key Cyber Controls
When assessing your program’s maturity,
pay particular attention to:
Threat Intelligence
Security Monitoring
Privacy Policies
Identity and Access Management
Incident Response
Mobile Technologies
STAYING OUT IN FRONT
Retailers are in a tough spot, working to balance competitive pressures and opportunities to innovate with unknowns and new
threats. Fortunately, you can get ahead of the changes, the risks, and the competition with a few smart moves.
Get serious about cybersecurity
Cybersecurity can no longer be an afterthought of technology development. You
need a comprehensive understanding of how threat actors exploit your
vulnerabilities and the cybersecurity implications that new technologies pose.
Strong cybersecurity comes down to effective risk management: The better you
understand your risks, the more confidently you can develop new technology. If
you do not have a formal cybersecurity risk management framework, you should
develop one to help you systematically identify risks, categorize risk options, and
guide policy and decision-making.
You should also consider leveraging a cybersecurity maturity model to assess
your cybersecurity program’s controls and operations against industry best
practices. You can then identify gaps and create a detailed roadmap to increase
the effectiveness of your program. This is not a compliance audit, but rather a
comprehensive evaluation of your program’s maturity. Compliance audits often
focus on a “yes” or “no” standard and do not account for how to best evolve your program given your specific strategic goals
and market circumstances.
Apply a disciplined approach to technology development
Technology is often pushed into the market before it is fully vetted, with the hope that the market will help shape the
technology’s development and that defects can be managed via updates and patches. This approach causes issues with
cybersecurity. It’s one thing to patch a minor glitch in performance; it is quite another to race to patch a major vulnerability.
This is why comprehensive and robust cybersecurity testing must be part of product development. You should not only test
individual aspects of your technology (e.g., specific functions or sections of code) but also test the entire technology, with all
elements integrated. Integrated testing often reveals vulnerabilities that individual, “siloed” testing does not surface. Pay
particular attention to the open source code. Given the incredible amount of code that must be developed for new technology,
open source code is a significant time saver; however, since this code is copied from the internet, it needs extra scrutiny.
If your technology interacts with other systems, particularly legacy systems, you also need to test for unintended
consequences and vulnerabilities when systems interact. Testing ends with the developed technology, but all of it must
function in an integrated, digital ecosystem that must be tested as a whole.
Use Big Data as a big stick
Retailers are also harnessing the power of data science and emerging technologies through predictive cyber threat
intelligence to protect against the new that risks big data and emerging technologies create. Predictive cyber threat
intelligence is transforming the retail industry’s ability to gather, mine, and analyze vast amounts of cybersecurity threat
information to protect against advanced persistent threats, fraud, and insider attacks. Analysts are using new technologies like
Splunk to comb social media sites to ingest and analyze terabytes of cyber threat data.
By combining big data, cloud computing technologies, and analysis tools, retailers can obtain additional fidelity into current
cybersecurity operations and use insights to make risk-informed and data-driven decisions. Predictive cyber threat intelligence
gives you insight into cyber threat actors—including their tactics, techniques and procedures—for proactive defense.
This predictive cyber threat intelligence “big data warning system’ uses the power of big data to help reinforce your
organization’s cybersecurity posture. Similar to the customer experience, retailers can be more predictive, adaptive, and
personalized in their response to prospective threats. And similarly, as competitive pressures propel retailers to find creative
ways to outmaneuver competition, emerging technologies and data science are new weapons in your arsenal.
6. Booz Allen Hamilton has been at the forefront of strategy and technology consulting for more than a century. The firm
provides business and technology solutions to major corporations in the financial services, heath, energy, manufacturing, and
other markets, leveraging capabilities and expertise developed during decades of helping US government clients solve their
toughest problems. Booz Allen is headquartered in McLean, Virginia, employs more than 22,000 people, and had revenue of
$5.84 billion for the 12 months ended March 31, 2014. To learn more, visit www.boozallen.com. (NYSE: BAH)
IT’S ABOUT TRUST
Imagine a scene: As customers enter a store, they pass electronic displays. Their faces are scanned and coupons appear on
Google Glass. Reality blends seamlessly with the digital world. Customers browse product reviews and compare prices via
real-time apps. Items are purchased from mobile devices with automatic delivery.
Now imagine a cyber-criminal hacking into this customer experience. Within an instant, personal information is gone—credit
card numbers, name, home address, date of birth, even smartphone-stored apps with unpurchased products.
This scenario is not science fiction. This technology exists and is fundamentally reshaping the retail industry. Leading retailers
are those who can effectively manage emerging technology and instill trust and confidence in consumers.
Retailers have long invested in developing brand loyalty with consumers. With the convergence of emerging technologies,
data science, and cybersecurity, trust is an even more critical part of your brand. Customers need to trust you to understand
their particular needs. They need to trust that you can deliver on increasing demands for convenience, flexibility, and mobility.
Most of all, they need to trust that their personal information is secure and will not be wrongfully used. The amount and kind of
personal information retailers collect and analyze makes most people a little uncomfortable. Companies that build the trust in
their systems, while leveraging the benefits of new innovations, will win market share.
To learn how Booz Allen Hamilton can help
your business thrive, contact:
Booz Allen Hamilton
Susan Maly
Commercial Solutions
Washington, DC
Tel +1 703-377-6448
Maly_Susan@bah.com
Boozallen.com/commercial
Ian Bramson
Commercial Solutions
Denver, CO
Tel +1 240-675-0840
Bramson_Ian@bah.com
Boozallen.com/commercial
Sedar Labarre
Commercial Solutions
Washington, DC
Tel +1 301-452-4996
Labarre_Sedar@bah.com
Boozallen.com/commercial