Evolving Security for Protecting Today’s Retail Network Architecture
Retail is arguably one of the world’s most IT dependent sectors, and the opportunities to leverage cutting-edge technology to improve service quality, achieve affordability, and enhance the customer experience are wide open.
Digital transformation and changing customer demands are driving the retail industry into one of the largest overhauls it has ever seen, and the network can make or break this critical transformation. Retail customers demand more media-rich and digital services, as well as increased security and data privacy. The impact of network downtime or service disruption, not to mention a security breach, can result in significant financial and business losses. With so much at stake, the retail industry has no room for network or security failures.
Today’s retail networks that power the underlying infrastructure for digital, cloud-first retail organizations need to be intelligent and built to deliver secure, uninterrupted connectivity to cloud applications. Business-critical applications such as point of sale (POS) and inventory management need to run without interruption throughout a business day. Superior application performance, rock-solid security, reduced deployment times, and minimized cost and complexity of running the networks are some of the things retailers should consider when building a future-ready WAN.
Security is seen as one of the biggest points of concern in retail. Last year the long list of retail security breaches hitting the headlines included Wegmans, Bonobos, Guess, Carter’s, Hobby Lobby, Volkswagen, and more. The average cost of a retail data breach in 2021 was $3.27 million, up from an average of $2.01 million in 2020, according to the 2021 Cost of a Data Breach Report. That represents a 62.7 percent increase, but remember that costs from a breach are much more than money stolen from the company or its customers. Retail data breach costs also include compensating customers with credit monitoring and identity monitoring services, litigation if a class-action suit occurs, and, of course, fixing the breach and preventing future attacks. It’s clear that reputation cost and lost consumer confidence following a breach affecting customer privacy can eclipse the lost revenue from business disruption by a long shot.
Retail’s Evolving Attack Landscape
The world’s fragile state during the COVID pandemic opened the door for an aggressive wave of cyberattacks. Ten years ago, retail’s on-premises focused security personnel were able to identify network attacks very quickly since most took place in the top-level layers of a system, often through a malware attack. These days, however, vulnerabilities are exploited over long periods of time, with more massive destruction to the network in mind. Retail organizations can no longer assume that their network systems will remain safe.
Cyber thieves are also infiltrating through underlying networks, passing from router to router and accessing information located far below a system’s top level. The evolution of these attacks means that retailers may not be aware of a breach for long periods of time, increasing the amount of harm to the company and overall network that can be performed.
Retail organizations should update their security strategies to address worst-case scenarios and assume that at some point they will be victims of an attack. This means understanding that any single employee may serve as a hacker’s entry to access company systems. Anyone can be fooled by increasingly sophisticated attacks and click on a phishing email, resulting in an opening for malicious events.
Focus on Analytics and Visibility
To address these sophisticated attacks, analytics and visibility are instrumental in strengthening a retail organization’s security posture, particularly when it comes to remote store locations. Analytics and visibility deliver invaluable insights into a company’s ongoing security status and can help identify critical vulnerabilities previously unseen. While IT leaders traditionally have focused on their organization’s connectivity and security, these days analytics and visibility of distributed networks are getting their fair share of attention.
The type of information this approach provides can prove vital for the rising number of retailers suffering an attack. The first challenge after a breach attempt has been identified and systems have been shut down is to determine how far cyber thieves have infiltrated before being detected, and what exactly they accessed. This is particularly true in cases of ransomware, where a retailer must be able to determine the criminal’s activity on its systems. Hackers may claim they accessed and encrypted five terabytes of data, but a retail IT team may be able to see they collected only a handful of files before being shut out. Only with complete visibility will retail organizations have the information they need to counter a criminal’s claim.
Approaches to Strengthen Healthcare Architectures
Retail firms can strengthen their network architecture against attacks through a number of approaches. For example, Zero Trust Network Access (ZTNA) technologies should be a high priority to limit access to privileged accounts and private data left easily accessible. Requiring authentication before granting access is an important way to protect the retail network and keep sensitive data secure.
Many retail organizations need to reassess their infrastructure foundations before additional security approaches can be considered. Integration is critical for strengthening a retailer’s network architecture since many have disparate systems that should ultimately be integrated. Integration will not only simplify systems and their management, it will provide greater accessibility, security and flexibility. Achieving strong integration will enable teams to have greater visibility into their distributed retail systems, making it easier to identity and defend against incoming cyberattacks.
Steps Toward a Secure Future
Approaches such as Secure Access Service Edge (SASE) can go a long way toward strengthening a retail company’s network architecture. SASE is the integration of security and networking solutions, such as firewall-as-a-service (FWaaS) and ZTNA, into a unified service that can be delivered entirely through the cloud. Cloud delivery offers retailers greater flexibility, making it easy to apply security services and consistent policies to remote store locations where they're needed. Secure and seamless transition from the cloud is critical since so many applications are cloud based, including collaborative communications.
Cybersecurity needs to become more of an integrated consideration for every new project. For example, in today’s distributed environment, every area needs embedded security, including remote locations and anyone working remotely. Simply educating employees about security risks isn't enough to protect networks from malicious attacks.
In today’s world where any organization can be a target for cyberattack, a strongly secured network architecture and end-to-end visibility are the building blocks to a resilient security posture. Enabling a single point of control using approaches such as SASE will help ensure retail companies can create a more streamlined and secure network architecture, whether from its headquarters or remote locations. To protect private data and networks, all organizations should work toward a common goal — implementing an approach that combines the crucial elements of network architecture, security and visibility.
Kelly Ahuja is the CEO of Versa Networks, a secure access service edge (SASE) vendor.
Kelly Ahuja is a seasoned industry veteran with more than 20 years of experience in networking and telecommunications. He currently serves on the board of directors for two startups in Silicon Valley. Kelly spent 18 years at Cisco rooted in the design and deployment of telecommunications networks. He was most recently SVP of Service Provider Business, Products and Solutions at Cisco where he was responsible for developing and managing the service provider segment strategy and portfolio. Kelly held several other senior executive roles at Cisco, including SVP and GM of the Mobility Business Group, Chief Architect for the Service Provider business, and SVP and GM of the Service Provider Routing Technology Group.