Retail Resiliency: Securing and Enabling Innovation During Uncertain Times


If there is one thing that I know, it’s that retail is resilient. Unlike any other industry, retail has continuously needed to adapt and transform to meet customer demands, remain competitive, or react to economic downturns caused by domestic and global events. Now, more than ever, the retail industry is continuing to show its resiliency by responding to recent events with rapid innovation, expansion, and partnerships the likes of which have not been seen before.

An unfortunate truth, however, is that threat actors are using these uncertain times as a springboard to capitalize on shortcomings, gaps, and risks – some of them new, and some of them left unchecked previously which have now been magnified. Here are some of the ways retail is remaining competitive along with some tips to ensure the security and continuity of their business operations.

The Benefits and Pitfalls of Rapid Digital and eCommerce Expansion

In speaking to many companies that have already adopted digital and ecommerce strategies, many are now seeing an uptick in traffic (clicks, revenue, customers). Some are also seeing different demographics, including those that previously avoided ecommerce but are now forced to participate for obvious reasons. This is particularly prevalent right now with health and grocery related ecommerce buying. At the same time, businesses that were previously slower to act on their digital strategies have now been forced into action.

The question is, how can businesses satisfy current demand, and possibly retain new customers, while keeping themselves and their customers secure?

Scaling Security Effectively

First, they will need to be able to scale to meet the current and growing demands of legitimate customers as well as the growth in non-legitimate attempts to access retail platforms. This not only includes web store fronts and mobile applications, but supporting infrastructure such as firewalls and load balancers as well. But how do these businesses rapidly scale up to meet today’s demand, and then cost-effectively scale down, if necessary, once the surge is over?

In any networked environment, the scalability of security is the biggest challenge. Front-end web application firewalls, internal and backend firewalls, and load-balancers are all needed to help stem the tide of illegitimate traffic coming in, and to combat any issues from threats that make it through – all while still allowing your customers to reach their intended destinations and shop with confidence.

The keys here are ensuring high traffic capacity, geo-IP filtering, robust alerting and reporting, and deep integrations with other security tools. A single, integrated security fabric composed of fully interconnected solutions ensures that visibility and policy enforcement extend consistently across the entire network, from front-end servers and high-speed data centers to cloud-based applications, infrastructures, and services. Another key investment is in pre-authorization security (such as Auth0 or OneLogin) to rapidly integrate authentication and authorization across web, mobile, and legacy applications.

Overcoming Limited Resources to Ensure Security Scalability

The challenge is scaling security in kind when resources may be limited. Network and security teams have already been pressed into the front lines to scale up for the influx because, similar to the Holiday shopping season, threat actors are sure to try and capitalize on this move to ecommerce. In fact, we have already seen this beginning.

However, in times where there may be skeleton or rotational staff, cyber teams will need to fast-track automation and orchestration efforts to keep up with the demand on their critical systems and workloads. In addition, such things as centralized management, alerting, and reporting will be just as critical as teams cannot afford to be working in different silos, especially when faced with an already daunting task. It will also require real-time information sharing between different tools in order to identify hard-to-discover threats and coordinate a threat response across the entire distributed network.

Rapid Change is a Double-edged Sword

The changes in buying patterns we are seeing now may remain long after this event has ended. The biggest barrier to change is often cultural, and not because of any limitations of the technology. But once those cultural barriers have been bridged, there is no reason to return to the way things were. In 2004, for example, the SARS outbreak in China forced companies to start selling their products online. Companies like JD.com stepped up to the plate, and they are now the largest online retailer in China.

Similarly, the COVID-19 outbreak is requiring businesses to create and maintain a larger digital and ecommerce footprint than ever before because customers who had been averse to things like shopping for grocery items online are now taking the plunge. Those retailers that are able to be there for their customers now may continue to see benefits down the road.

Maintaining Trust and Integrity with your Customers

The next issue is, what do retailers do with this sudden influx of new customer data that is being ingested, especially in light of recent requirements such as GDPR and CCPA? (Will regulations lighten up during this time? Will consumers allow it?) Companies that are now seeing increased traffic through their digital/ecomm platforms have an even greater responsibility to ensure their customers can shop with confidence. While a security incident at any time can be a major business-impacting event, one that occurs during a time of vulnerability, especially when customers have limited alternatives, can be even more damning.

While the retail industry must put measures in place to protect its employees and its customers, its primary security concern must be the end-user. With upwards of 90% of intrusions originating through email or social channels, security awareness and training may pay more dividends than all the tools and software money can buy.

Right now, the public is anxious to consume any information possible when it comes to the global COVID-19 pandemic. Businesses must take steps to inform their customers of the ways they will communicate throughout this situation, and ways they will not. They must also then provide a few tips on email and social media security so their customers can tell the difference between legitimate communications and online scams. Likewise, internal training and awareness must continue, especially as isolation and the lack of a normal routine may lull your workforce into clicking on a link or forwarding an email they otherwise would not have.

Final Thoughts

Hindsight is 20/20, and what we have learned from past experience is that having a well-laid plan is always the best recipe for success. However, events like those we are witnessing today can sometimes turn even the best-laid plans on their head. The best course of action that retail can take now is to avoid rushing into the deployment or expansion of new digital or ecommerce services. Instead, retailers must remember that careful planning and consideration are required to ensure both a successful solution launch and the safety of the consumer. Naturally, this does not mean that efforts cannot be expedited for a quicker turn-around, but they must be carefully understood. Taking short-cuts that include removing or reducing your security posture cannot be part of your playbook.

Learn more about how to maintain business continuity through broad, integrated, and automated Fortinet Teleworker Solutions.

Learn more about Fortinet solutions for retail.

Copyright © 2020 IDG Communications, Inc.