This is a summary of an article written for Total Retail by Courtney Radke, CISO of National Retail at Fortinet. The entire article can be accessed here.
The evolving nature of technology and changing consumer expectations are a constant — something retailers quite simply must embrace or risk falling behind. For businesses to survive in this new era, they must adapt and accept that their success ultimately hinges on how well they can utilize digital technology in its many forms. These range from those focused on improving efficiencies in the supply chain to those that offer customers a more consistent and connected omnichannel experience. In other words, if retailers want to keep up, they must be prepared to transform everything from product development and marketing to production and operations strategies. But while these changes can and often do bring positive results, there is an aspect of this shift that often gets overlooked: retail cybersecurity.
The Pertinency of Retail Cybersecurity
The more complex retail networks become, the more risk is presented to these businesses. This issue quickly becomes compounded as the speed of technology to support the customer experience often outpaces security controls. As retailers expand their digital infrastructures to improve the user experience (i.e., moving to the cloud and bringing on more devices), they’re also expanding their potential attack surface. While this can be stated for any vertical market, there are distinct challenges that make retail cybersecurity a much more complicated matter.
One of these complexities may seem obvious, but it lies in the fact that retail centers on selling products to consumers. Now, more than ever, this means creating connected experiences to build and enhance the value chain. Each transaction – be it swipe, click, or tap – introduces new data to the network, including customer demographics and sensitive financial data, among others. These data points are captured through point-of-sale (POS) systems, mobile applications, and e-commerce platforms, to name a few. Each is an attractive target for cyber criminals who hope to steal this valuable information for financial gain – but this may only be the tip of the spear when it comes to impact to the business.
In fact, when faced with a cyberattack, retailers may feel the effects in more ways than one. In a study conducted by Fortinet, it was found that 42% of retailers experienced brand degradation, 40% experienced an operational outage that impacted revenue, 33% experienced an operational outage that put physical safety at risk, and 30% lost critical business data. What this demonstrates is that the impacts of a cyberattack can be long-lasting and hinder retail operations for an extended period of time.
It is a given that retailers must continue to create omnichannel experiences for their customers. This is how they attract and retain their customers who are continually seeking out ways to enhance their overall user experience. These can range from something as simple as checking online inventory and managing store loyalty accounts to more complex tasks such as utilizing mobile applications, IoT devices, or processing payments using contactless commerce technologies. It is true that meeting these evolving consumer demands is critical for retailers concerned about the bottom line; and rightfully so. But at the same time, this focus on digitalization comes with several risks. Every connected display, every Wi-Fi beacon, every mobile and IoT device added – not to mention all of the technology under the umbrella of a multi-cloud environment – makes it difficult for IT teams to deploy security that covers every possible avenue of attack. Retailers need to plan for success when it comes to secure digital transformation.
Establishing an Effective Retail Cybersecurity Plan
Retail cybersecurity should be considered just as critical to the survival of businesses as digital transformation. Large-scale data breaches can quickly damage reputations, and in a time when trust and brand loyalty are seen as major determinants of success, a single breach can steal away any credibility that a retailer had previously secured for its brand. With this in mind, retailers can no longer leave security as an afterthought in their transformation strategy.
For retailers to achieve security proficiency, maintain PCI compliance, and stay up to date with ever-changing data privacy regulations, their IT teams require extensive visibility and control across environments. Considering the number of devices and POS systems dispersed across store locations, it can be easy for security teams to lose track of what they’re meant to protect – this is why end-to-end visibility must be achieved early on, and continuously maintained, in any retail cybersecurity plan. This requires an integrated security fabric that establishes consistent enforcement across the entire attack surface; it should also enable centralized and consolidated management and control, even when it comes to the largest distributed retail networks.
In addition to achieving this level of visibility, security teams must also be able to monitor and respond to a quickly evolving threat landscape. For this to happen, they need to rapidly identify threats, have consistent policy enforcement, and streamline alerting and reporting – and it cannot be manual. By combining proactive threat intelligence that leverages machine learning with unified management and the automation of manual tasks, IT teams can quickly respond to known and unknown threats while also keeping costs under control.
One of the best ways for retailers to accomplish this is by deploying a Secure SD-Branch solution. Doing so provides security and enables increased performance via Secure SD-WAN at the WAN edge while also ensuring secure connectivity – and protection for east/west traffic – on the LAN edge. When SD-Branch functions are consolidated into a single platform, it can be one of the most cost-effective and immediately impactful investments a retailer can make.
Embracing the Retail Cybersecurity Revolution
Retailers have been quick to embrace digital transformation as a means of improving operations and the user experience, but many are just starting to understand the role of cybersecurity in this process. To get the most out of the investment they have made – and will continue to make – into digital transformation, they must ensure security is purposefully and planfully built into their overall strategy – and not an afterthought. This starts by gaining an awareness of the threats that may impact the business, and the industry, and utilizing a platform approach to cybersecurity that will set them on the path to better security and risk-management for their brand, their business, and their customers.