To succeed in today’s digitally oriented marketplace, retailers need a strong network infrastructure to tie multiple elements of the shopper journey together. Retailers must be able to automatically link physical and cyber transactions to customer accounts in real time, see and manage inventory and link that information to their applications, and establish granular visibility and control over things like point of sale devices, heating and cooling systems, refrigerated display cases, WiFi solutions and other IoT devices.
Next-Gen Retail Creates Opportunities For Cybercriminals
While this technology is transforming the retail industry, it is also creating an opportunity for cybercriminals. Today’s criminals are looking to take advantage of retailers that, in their rush to adopt new digital merchandising and connectivity solutions, have implemented security as an afterthought. This has resulted in an expanded and exposed attack surface and new security gaps that can be easily exploited.
Cyberattacks can take many forms. Transactions can be hijacked. Applications can be compromised. Ransomware can shut down a business indefinitely and complex backend systems can be exploited, exposing customer data that can be stolen and sold on the dark web. In addition, things like price tampering, cyber vandalism and cyber espionage conducted by competitors are all real issues that today’s digital retailers face.
Where To Start
Regardless of how it happens, the new reality is that your organization will be the target of a cyberattack. The best defense is to start with a security-driven networking strategy that not only hardens your networked environment, but that can also automatically evolve and adapt right alongside the development of your digital presence, rather than having to constantly update your security to keep up with digital innovation.
Here is a quick checklist of four things your organization can do to build and maintain a secure cyber retail presence.
- Integrate security into everything. A security-driven strategy means considering how to integrate security into every project under consideration, before the first device is deployed, as well as understanding how those security solutions will integrate with your larger security infrastructure. An essential security-driven networking strategy has three critical elements.
  - First, security needs to set the limits for what the network can do, not the other way around. But it can only do that if security is designed into your infrastructure from day one. This ensures that you don’t open up your organization to cyberthreats when new network functions or platforms outstrip your existing security capabilities.
  - Second, security cannot be a bottleneck. Security solutions need to be selected that not only have the scalability and performance that modern networks require, but that can also be deeply integrated into network functionality. This ensures that security adapts simultaneously with the network as it evolves to meet shifting business requirements, rather than being forced to react to network changes, which leaves exploitable gaps as security perpetually lags behind the dynamically changing network.
  - Finally, consistent visibility and control are essential. Security tools need to operate consistently across multiple platforms: public and private multi-clouds, virtualized networks, WAN connections and mobile devices. This prevents the sort of vendor and solution sprawl that can overcomplicate security strategies. And where possible, network security, functionality and protocols need to be managed using a common, single-pane-of-glass management console.
- Replace your traditional WAN solutions with Secure SD-WAN. SD-WAN provides flexible connectivity between a branch location, the central network and other stores, while optimizing connectivity to SaaS applications. But it too often leaves security as an afterthought. Secure SD-WAN addresses that challenge by integrating security into the mix, to enable a truly security-driven networking experience.

  However, retailers with multiple locations also need to control access and manage the on-site security of the local LAN deployed at each branch. And because most retail locations don’t have on-site IT staff, security needs to be simple and comprehensive. An effective strategy is to extend Secure SD-WAN functionality deep into the branch network to enable Secure SD-Branch. This secures the wireless and physical network access systems, provides Network Access Control, monitors and secures on-site devices, and manages LAN traffic, all through a single zero-touch solution.
- Harden your apps. Applications are prime targets for cybercriminals. Attacks such as injecting malware into an application can put both the retailer and its customers at risk. Addressing this challenge requires having a reliable set of security tools available to DevOps teams that can be leveraged during the development of applications, as well as endpoint security tools that can identify and prevent malicious applications from compromising endpoint devices. And ideally, these tools should be identical to those used to secure the rest of the distributed network.
- Monitor your web presence. There has been a spike in cybercriminals using malware such as credit card skimmers to compromise vulnerable web sites. Cross-site scripting (XSS), SQL injection, broken access controls, and similar tactics and malware can compromise your web site and web applications, including online advertising, if they are not developed and hosted properly. A web application firewall plays a critical role in protecting your web sites and applications, a Cloud Access Security Broker (CASB) extends that security to your SaaS applications, and endpoint security tools close the gap at the network edge for mobile users.
Begin With The End in Mind
No one plans to expose their network and data to cyber risks. But when you only add security as an afterthought, that’s exactly what you are doing. To continue to compete effectively in today’s digital marketplace, cybersecurity needs to be at the top of your list. Security-driven networking, built around tools like Secure SD-WAN and Secure SD-Branch, will enable you to quickly and confidently adapt to market changes to meet evolving consumer demands. Starting with the end in mind, meaning a security-driven digital presence that can adapt to your needs without compromising the security of your business or customers in the process, will give you a critical advantage in attracting and keeping your customers.
Nirav Shah has more than 15 years of experience working in the enterprise networking and security industry. He serves as Fortinet’s products and solutions lead for FortiGate network security appliances and focuses on NGFW, SD-WAN, Segmentation and Secure Web Gateway use cases. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions for Cisco. Shah holds an MS degree in Computer Science from the University of Southern California.