Technology has transformed both consumer expectations and the shopping experience — and in turn, retailers need to embrace digital transformation or risk being left behind. As retail decides how to reshape itself with technology and data, it’s clear that brands that don’t heed the call to action for digitization will be missing out on serious rewards.
For these businesses, survival means adapting to a whole new set of requirements, most of which are driven by the need to leverage digital technology in its many forms. These range from improving efficiencies in the supply chain to presenting an omnichannel experience to customers. Everything from product development and marketing to production and operations must be transformed if retailers want to keep up. Unfortunately, with all of these changes and moving pieces, cybersecurity is a key aspect that often gets overlooked.
Why Retail Cybersecurity Now?
The more complex their digital environments become, the more risk retailers open themselves up to. As they begin updating their infrastructures — e.g., moving to the cloud, using more apps, collecting more data, and bringing on more devices — they're also expanding their potential attack surface. While this is true for any vertical market, retailers have some unique challenges that bring even more complexity to the cybersecurity equation.
One of those complexities is based on the very nature of what they do: selling products to consumers. Behind every transaction is a plethora of data moving around on the network. That includes customer demographics, personal data, credit card data, shipping information, inventory management, and sensitive financial data. While point-of-sale (POS) apps make life easier for front-line employees, they also make very attractive targets for cyber attackers who hope to extract that valuable data.
In the face of a cyberattack, retailers may be impacted in more ways than one. According to research from Fortinet, 42 percent experienced brand degradation, 40 percent experienced an operational outage that impacted revenue, 33 percent had an operational outage that put physical safety at risk, and 30 percent lost critical business data that had far-reaching consequences long after the cyberattack was over.
Another challenge that opens up risk for retailers is the need to create omnichannel customer experiences. Even while shopping in stores, customers still seek out digital tools to enhance their overall experience, such as checking online inventory for an item they can’t find or managing their store accounts to make payments or check available credit limits. If retailers’ wireless networks aren’t secure, they can open the door for cybercriminals to reach their customers when they least expect it.
Meeting consumer-driven demands is essential for retail managers concerned about the bottom line. For their IT departments, however, digitalization comes with many risks. With every digital display, every Wi-Fi beacon, every mobile and Internet of Things (IoT) device added, and with a multicloud environment to support all of it, deploying security that covers every possible avenue of attack becomes increasingly complicated.
What Will It Take?
Retail cybersecurity is now just as crucial to business survival as the need to transform. Mega breaches make headlines and damage reputations, and in an era when trust and brand loyalty are critical factors of success, a single breach can strip away any benefits of transformation a retailer has managed to secure for its brand.
To achieve security proficiency, maintain PCI compliance and keep up with ever-changing data privacy regulations, IT departments need end-to-end visibility and control of their environment. With so many devices and POS systems spread across store locations, security teams risk losing sight of what they're protecting. With this in mind, gaining complete visibility of the network is an important goal to establish early on in any retail cybersecurity plan. Achieving this requires an integrated security fabric that covers the entire attack surface, ensures consistent enforcement, and enables single-point management and control, even across multiple retail locations.
Security teams also need help with monitoring and responding to a quickly evolving threat landscape. They need rapid response, consistent policy enforcement, and an efficient way to generate compliance reports. They also need proactive threat intelligence that leverages machine learning so they can respond quickly to known and unknown threats. This, combined with unified management and the automation of a variety of manual tasks, can also help keep costs under control.
Finally, to round out the retail cybersecurity picture, organizations need to consider deploying a secure SD-Branch solution, which provides security and increased performance via secure SD-WAN at the edge, as well as providing secure connectivity to the local retail network.
The Next Steps
While the digital revolution is well underway for retailers, the retail cybersecurity revolution has only just begun. By taking the right steps, retailers can secure both the progress they've already made through digital transformation and any additional efforts going forward. It all starts with awareness of the problem, the application of best practices, and an end-to-end, integrated solution that will get them on the road to better security quickly and easily.
Courtney Radke is chief information security officer of national retail at Fortinet. The Fortinet Security Fabric platform secures the largest enterprise, service provider, and government organizations around the world.