Skip to content Skip to navigation Skip to footer

Cyberattacks on the Retail Industry

Retailers face an ever-growing risk of sophisticated cyberattacks that target the digital experiences and products their consumers increasingly demand. Cyber criminals are launching targeted attacks against connected devices, from laptops and smartphones to Internet-of-Things (IoT) devices and wearables, and the complex technologies that secure them.

Retail cybersecurity attacks are increasingly common due to the vast amount of payment information and sensitive personal data that retailers have access to. This is further exacerbated by many retailers continuing to rely on siloed legacy infrastructure, networks, and systems that are not designed for modern cloud-based, data-intensive environments. This infrastructure prevents them from achieving the agility, resilience, and scalability required to deploy new technologies that meet customers’ evolving demands. 

As a result, retailers struggle to deploy innovative, next-generation customer experiences. They become vulnerable to attacks and unable to keep pace with their more forward-thinking competitors.

Some of the Biggest and Most Recent Attacks on Retailers

In a widely publicized 2013 breach, 70 million Target consumers found their data stolen. Just recently, Home Depot agreed to a $17.5 million settlement fee over a data breach suffered in 2014. Cyberattacks in the retail industry are not showing any signs of slowing down as significant cybersecurity events continue to affect retailers. For example:

  1. Estée Lauder had 440 million records exposed through middleware security failures in February 2020.
  2. Italian drinks firm Campari suffered a ransomware attack that took its systems offline in November 2020.
  3. Men’s clothing company Bonobos saw the personal and financial information of up to 7 million customers leaked in January 2021.
  4. The database of online musical instruments marketplace Reverb had the personal details of more than 5.6 million users, including names, email addresses, PayPal details, and Internet Protocol (IP) addresses, leaked to the dark web in April 2021.
  5. Fashion retailer Guess suffered a data breach after a ransomware attack in February 2021, resulting in sensitive customer data being leaked, such as driver’s license numbers, passport numbers, social security numbers, and other financial data.

Selecting Your Retail Cybersecurity Solution

In the face of an ever-growing threat landscape, retailers can choose from a wide range of cybersecurity solutions to protect their devices, networks, systems, and users. What today’s retailers need in a security architecture includes technology that protects their email and web applications, multi-cloud environments, remote workforces, and wireless access points. 

Integrated Solutions

Increasingly, this means deploying a set of integrated solutions that help retailers protect their entire network and all potential points of vulnerability. More importantly, these solutions must be able to communicate effectively, so that if one component detects a threat, it can immediately alert the rest of the architecture. Providing timely alerts is critical for organizations to keep up with the security landscape and react to events as quickly as possible. 

AI-powered Solutions

Cybersecurity in the retail industry is also reliant on solutions that help organizations detect and block advanced threats like distributed denial-of-service (DDoS) attacks and ransomware. Retailers need to look for solutions that take advantage of artificial intelligence (AI) to detect evolving threats in real time.

Solutions That Comply with Regulations

Having a robust security architecture is critical for retailers to meet their increasingly stringent data privacy and regulatory compliance needs. This includes complying with:

  1. California Consumer Privacy Act (CCPA)
  2. European Union’s General Data Protection Regulation (GDPR)
  3. Security standards promoted by the National Institute of Standards and Technology (NIST)
  4. Other industry-specific statutes like the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS)

Meeting the requirements of these regulations relies on centralized and consistent policy controls and a complete visibility of the corporate attack surface.

The Role of SD-WAN in Retail Security

One of the most important innovations for retail cybersecurity is software-defined wide-area networking (SD-WAN). Preventing retail cyberattacks with SD-WAN ensures organizations achieve high-speed connectivity to their point-of-sale (POS) systems and other applications. 

The primary role of WAN is to connect users to their applications regardless of where the application resides, be it on-premises or in the cloud. SD-WAN for retail helps maximize application and network performance. One of the key benefits is that traffic does not have to be routed through a retailer’s corporate data center, ensuring faster internet connections. However, this can also introduce new vulnerabilities if data center-level security controls are no longer being applied.

To mitigate this, SD-WAN implementation must be bolstered with additional security solutions like advanced firewalls to protect retailer infrastructures against malware and evolving cyber threats.

Top Benefits of SD-WAN for the Retail Security

Examples of how SD-WAN benefits retailers include:

Centralized Visibility

SD-WAN provides retailers with centralized visibility of their environment, which is managed through one central controller. This ensures retailers can see all the devices and users connecting to their network. An SD-WAN also reduces the complexity of retailers’ networks and helps them provision new sites, increase bandwidth, alter traffic priority, and upgrade their firmware and software.

Reduced Data Complexity

Many retailers now use applications that reside in the cloud, as well as edge and local environments. These applications all compete for bandwidth, which can further increase network complexity. SD-WAN enables retailers to monitor the performance of their data and ensure the appropriate level of bandwidth is allocated to each application and service. 

Automated Threat Detection and Response

Retailers need to identify and manage threats as quickly as possible. SD-WAN enables them to automatically detect security risks as soon as they appear and issue alerts that allow security teams to respond immediately.

Proactive Threat Intelligence

SD-WAN solutions use AI and machine learning techniques that provide proactive threat intelligence. This ensures organizations immediately discover rapidly evolving threats targeting their cloud applications, POS systems, and other network infrastructure.

High Network Performance

As consumers increasingly demand high performance from retailers, it is vital to minimize latency and maximize network visibility. Advanced firewall solutions enable retail organizations to thoroughly inspect encrypted traffic without impacting the speed or throughput of their network.

Dynamic Multi-cloud Cybersecurity

Retailers that operate large networks across various locations are looking to the cloud to centralize their resources and systems. However, spreading this infrastructure across different private and public clouds can result in a siloed environment that would be difficult to manage and secure. Multi-cloud deployments are becoming increasingly popular as they centralize visibility and simplify management and policy enforcement.

Fortinet Secure SD-WAN

Learn how the Fortinet Secure SD-WAN delivers a world-class shopping experience with consistent security.

Get your copy of the 2021 Gartner report today!

How Fortinet Can Help

Fortinet empowers retailers with the tools to combat the latest security threats with Fortinet SD-WAN, a fast, flexible, and scalable SD-WAN solution. It combines SD-WAN with Next-Generation Firewalls (NGFWs) and advanced routing, ensuring cloud-first retailers achieve the highest possible application availability and performance, total visibility through advanced analytics and reporting, and fast, secure connectivity between applications. (To illustrate, learn how Fortinet security solutions helped Batteries Plus strengthen its defenses and integrate SD-WAN into its existing security infrastructure.)

Furthermore, the Fortinet integrated retailer protection provides a wide range of network and security solutions, which uses:

  1. Fortinet Security Fabric to increase control and visibility of the IT environment, networks, and systems
  2. Fortinet FortiGuard Labs team to provide AI-driven threat intelligence into evolving security threat vectors
  3. SD-WAN security and NGFWs, which provide advanced antivirus, data loss prevention, secure sockets layer inspection, and web filtering protection