COVID-19 has changed everything – from social distancing becoming the new norm to constant sanitisation, broken supply chains and widespread homeworking. These changes have been devastating to many industries – highlighting the fragility of business models and holes in security networks. They also represent an opportunity for businesses to evolve and become better – but alongside evolution is also an opportunity for cyber criminals to take advantage at a vulnerable moment.
There was already an increasing volume of cyberattacks every day around the world when the COVID-19 pandemic was seized upon and leveraged by criminals, targeting businesses and workers operating in new environments and striking as priorities were shifting, resources were stretched, and people were naturally less diligent. Cyber security matters even more as we begin the fightback from the coronavirus crisis, given the increased dependency on digital infrastructure that is in most cases permanent.
Protecting retailers from advanced threats
The COVID-19 pandemic is driving technological transformation across all industries and sectors – but perhaps none more significantly than retail. Retailers want solutions that address the safety of their customers and the survival of their businesses. The retail sector, even before the pandemic started, was one of the most heavily targeted sectors by cybercriminals. The sector is now more vulnerable than ever, fending a range of additional cyber security threats during this new way of working.
The impacts COVID-19 on the retail sector has accelerated changes that were already afoot. When physical stores closed, there was a swift adoption to online options, and contactless payments and deliveries which in turn has driven an increase in cyber security risks and fraud that retailers need to be aware of. With the increase in demand in such a short time, additional and/or local supplier options are also being pursued which means third party risk can also increase. And as consumers are embracing more digital interactions with retailers, they too are at increased risk of social engineering and retail-based scams.
How Zero-Trust Access can help
Traditional security models operate under the assumption that everything inside the organisations’ network should be trusted. However, automatically extending trust to any device or user puts the organization at risk when either becomes compromised, whether intentionally or unintentionally. That is why many security leaders are turning to a Zero-trust Network Access approach to identify, authenticate, and monitor users and devices, both on and off the network.
Digital innovation in retail is creating new leaps in productivity, but at the same time, creates new cybersecurity risks. Attackers, malware, and infected devices that bypass edge security checkpoints often have free access to the network inside. For these reasons, organisations can no longer trust users or devices on or off the network.
Security leaders should assume that every device on the network is potentially infected, and that any user is capable of compromising critical resources, intentionally or inadvertently. A Zero-trust Network Access (ZTNA) strategy shifts the fundamental paradigm of open networks built around inherent trust, to a zero-trust framework through the adoption of rigorous network access controls.
According to Fortinet Field CISO Courtney Radke:
“Retail is something we all understand since we all “experience” retail on a daily basis. As a tangible example, given the nature of retail today where omni-channel is the norm, implementing a Zero-Trust model is more challenging than ever.
For those unfamiliar with the term, omnichannel is a cross-channel content strategy that organizations use to improve user experience and drive better relationships with their customers across multiple points of contact. The purpose of providing omnichannel experiences is to unlock doors to the consumers and remove barriers wherever possible. It enables retailers to expand to new demographics and open up new revenue streams through technology, which is now required to remain competitive in today’s market.
Unfortunately, however, every door you open to better enable customer engagement also provides new opportunities, and new attack vectors, for threat actors to compromise your business. Protecting these solutions requires carefully controlling who and what has access to internal systems, data, and devices.”
Integrated security from SCC
SCC’s security solutions provide an integrated security suite that delivers the right technologies to enhance existing practices. We deploy solutions to help customers secure cloud, data, networks and systems to mitigate risks that may stem from insider and external attacks. We build solutions that can help you to control, govern and manage user identities and access to services and data across your infrastructure.
SCC is a Fortinet Expert Integrator partner, which is the highest level achievable. We have many years of experience securing customer networks, as demonstrated by our Fortinet Platinum Partner of the Year award in 2018 for our expertise in designing and delivering the Fortinet security fabric.
Our depth of capabilities for the solutions we provide assures customers that we can execute with greater agility. We have extensive experience, qualifications and certifications in a wide range of partner technologies that underpin our solutions. You benefit from thought leadership, key knowledge and vital experience, shared across our global partner network.
In today’s connected business environment, network security and availability are essential. As retail businesses start to navigate through the immediate impacts of coronavirus and towards the new normal, these security risks will need to be understood and planned for. Together with Fortinet, SCC implements network security solutions that protect your network and assure your organisation’s security across cloud environments and on-premise infrastructure.