Meeting the demands of digital-savvy customers – without leaving the door open for cyber criminals
The average consumer is increasingly digitally savvy. Ecommerce has steadily claimed a larger wedge of sales in recent years, and although the trend reversed somewhat as pandemic rules relaxed, over a quarter of all sales in the UK were completed online in 2021.
Even when shoppers are in a bricks-and-mortar store, they tend to expect the same level of connectivity and convenience they can achieve online. Secure, high-speed Wi-Fi connectivity is now seen as a standard offering, and many consumers expect to make use of self-service checkouts and information terminals, as well as other digital features such as QR codes and social media contact points.
Retailers also need to ensure that basic IT infrastructure is fast and reliable. Consumers will quickly run out of patience if standard activities such as completing sales, collecting online orders, or checking inventory availability take too long. Physical stores also need to account for an increasing number of digital assets such as RFID sensors, CCTV cameras, and other IoT-enabled technology providing them with valuable data points.
As a result, a fast and reliable network connection is a deciding factor in whether a retail store can remain relevant in today’s highly competitive, digitally focused market. However, there are multiple challenges in living up to these increasingly lofty digital expectations.
Retailers face a heightened security threat
Most retailers are spread across dozens or even hundreds of locations. Because much of their IT infrastructure is duplicated across these sites, they have an exceptionally large attack surface compared to many other industries. The large number of IoT devices and the provision of public internet for customers further increase their exposure, and criminal gangs are known to specifically target retail assets such as POS systems.
Added to this, these systems are often interconnected using broadband or public internet, exposing the retailer’s network to malicious activity and threat actors. Publicly accessible Wi-Fi is also open to exploitation if it hasn’t been effectively segmented from the main network.
Exacerbating these security challenges, retailers have long been a favourite target for cyber criminals as they safeguard large volumes of personal and financial information for their customers. Clothing retailers Bonobos and Guess, supermarket chain Wegmans and hobby store Hobby Lobby are just some of the retailers whose high-profile breaches made the headlines last year. The trend has continued in 2022, with stationer The Works suffering a serious ransomware attack in April.
The 2021 Cost of a Data Breach Report estimates that the average cost of a retail breach was $3.27 million in 2021, up from $2.01 million the year before. As such, it’s clear that retailers need to take security seriously if they don’t want to find themselves added to this year’s breach statistics.
Security must balance accessibility
Gaining a high level of control and visibility over the entire network is one of the biggest security priorities, as retailers need to be able to quickly identify and mitigate risks across their entire diffuse network. Segmenting guest and corporate network services is also essential in preventing threat actors from exploiting easily accessible connections to achieve lateral movement into the network.
However, while strong security is essential, retailers cannot afford for it to interfere with the connectivity that keeps their businesses running. Most importantly, systems like POS and inventory management are business critical and need to run throughout the day without interruption. Provisions like Wi-Fi and interactive digital terminals have increasingly become essential and expected elements of the customer experience.
Retailers also have an additional challenge due to extreme peaks and troughs in their workloads. A fashion retailer, for example, needs to account for the highs of sunny summer weekends, without wasting capital on unused bandwidth during dreary winter weekdays.
Meeting these challenges requires a high degree of flexibility and granular control. However, many retailers are still using traditional approaches such as MPLS, which are too rigid for these dynamic needs, and expensive to deploy at scale.
The public Internet, on the other hand, provides flexibility and easy access to the cloud, is easily available at remote locations, and is cost effective. But the public Internet is plagued with inherent challenges such as latency and packet loss (especially over long distances and overseas connectivity), not to mention issues around security, network stability, and performance.
A modern networking solution
Meeting the heightened expectations of consumers in the digital age demands an underlying network infrastructure that is agile and reliable while also delivering a high level of security. Retailers also need to ensure that network management and security capabilities can be applied evenly across their entire operation, even when this includes hundreds of individual branches.
Hitting all these goals without breaking the bank demands a new way of thinking. One of the most effective new approaches is known as secure access service edge (SASE). This model focuses on software-defined wide area networking (SD-WAN), which moves all the essential network management capabilities into the cloud, meaning that any number of branches can be centrally managed.
Crucially, SASE combines SD-WAN with critical security capabilities such as network segmentation, policy management and intrusion detection into a single point of control, mitigating the risk of threat actors attempting to exploit overstretched IT infrastructure.
The retail industry is extremely dependent on its IT systems for day-to-day operations, and these systems have become increasingly overtaxed as organisations pursue more ambitious digital strategies. Armed with the flexibility and reliability of SASE, retailers can greet their digitally savvy customers without inviting threat actors in alongside them.
Sunil Ravi is chief security architect at Versa Networks