Key Insights from a Retail Industry Cybersecurity Survey Trends Report
As we have already seen, the short- and long-term effects of COVID-19 on the retail industry are, and will continue, to be very challenging to many companies. The ability to adapt by investing in technology to support new workforce, partner, and operations needs will determine which retail brands survive the pandemic. But switching to new ways of doing business is not enough; a security-first mindset to secure these new approaches is also needed.
Fortinet surveyed retailers on current business changes, challenges, and investment plans including: telework, new technologies and integrations, compliance, the cybersecurity skills shortage, cloud security, and SD-WAN.
Top Changes and Challenges in the Retail Industry
Overall, the research shows that retailers are adding new services and technologies to adapt to the new ways employees must work and consumers are shopping. For example, not surprisingly, 88% of retailers have added or expanded telework and 43% have added or expanded eCommerce. In addition, 42% have added the ability to perform contactless transactions.
When retail companies around the globe suddenly shifted to telework due to the 2020 pandemic, a myriad of new attack vectors were opened up to security threats. Remote users created additional security requirements and presented different challenges than onsite workers. For industries such as retail, which have typically not had as many employees working remote, implementing secure IT infrastructures for a remote workforce was a unique, but necessary task.
In addition, adding or expanding eCommerce and new technologies such as contactless transactions, kiosks, and tablets also come with security and compliance challenges. Retailers have had to fast-track plans to integrate web and mobile applications, order delivery solutions, and other services with their point-of-sale networks.
For example, contactless transactions had the biggest surge in deployments and mobile applications had the next highest increase as a way to serve customers during COVID-19, while kiosks and tablets are primarily being used to provide customer self-service options to make social distancing easier.
Compliance and Security Skills Shortage
Payment Card Industry Data Security Standard (PCI DSS) is one of the challenges businesses face as they figure out how to run transactions. Strict requirements are set in place for protecting customer credit card information that must still be adhered to regardless of any new approaches. Also, the challenges of manually achieving network-wide visibility and enforcing required security controls increase as the network becomes more complex or evolves as new devices are added. Further, demonstrating compliance also becomes more time-consuming, especially as the shortage of skilled IT workers continues.
In fact, 44% of survey respondents indicated staffing was one of their biggest security challenges during COVID-19. Nevertheless, according to the survey retail organizations are using a wide range of approaches to address the cybersecurity skills shortage. Using professional services (34.3%) and automating security functions (31.4%) are the top methods retailers have chosen to mitigate the impact of the global skills gap on organizations.
To manage multiple locations with limited IT staff, retailers must operate with a high level of automation, save time with zero-touch deployment, and gain network wide visibility and control from a single pane of glass.
Retailers are also taking advantage of the agility and cost-savings of cloud deployments. It makes sense, given retailers operate large networks of geographically distributed branch locations that all need access to the same applications and services. However, network infrastructure that sprawls over private clouds, public clouds, and on-premises data centers often create a very siloed environment that is difficult to secure.
According to the survey, retailers are running into a number of cloud-management challenges. The biggest challenge cited was complexity of administration (43%), followed by cost (41%), with secure access and compliance tied for third (40%).
Another survey finding is that more than half of retailers do not know who is responsible for public cloud security. In fact, 55% of respondents did not fully understand that cloud security is a shared responsibility between provider and user.
Retailers also need fast and scalable connectivity to enable seamless transactions to support sales, inventory, purchasing, and other activities. Replacing traditional (MPLS) connections with SD-WAN offers a more flexible approach to connectivity with faster performance and a lower total cost of ownership (TCO), increasing efficiency, and bolstering the customer experience.
74% of respondents surveyed rated security as an important or very important reason for deciding to deploy an SD-WAN solution. The challenge facing retailers is that not every SD-WAN offering includes security integrated into the solution. A Secure SD-WAN, that offers a full suite of integrated security services as opposed to an overlay or purely external security offering, is necessary to efficiently and effectively mitigate risk, provide business continuity, and allow for the greatest ROI.