The U.S. convenience store sector operates at an enormous scale, with $650 billion in annual sales spread across 150,000 stores. To put that figure in context, that’s more than the entire GDP of most countries—more than Poland, Taiwan, or Israel, for example. In fact, that figure would reside just outside the top 20 of GDP worldwide.
An inevitable consequence of operating at such a scale is all that money makes the industry a huge target for cybercriminals. Indeed, the National Association of Convenience Stores (NACS), lists data breaches and payment security at the top of the list of “major issues affecting the convenience industry.”
Against the backdrop of this looming threat, there’s a disturbing pattern of events at play. After malware attacks, data breaches at major convenience store chains go unnoticed for months, by which time huge amounts of sensitive customer data are either compromised or stolen. In turn, class action lawsuits follow as the impacted customers seek redress.
Specific examples are easy to find. In late 2019, 850 outlets of the Wawa convenience store chain were hit by a malware infection, resulting in the loss of customer data—including details from over 30 million payment cards.
Media reports at the time suggested that the problem arose in March but wasn’t discovered until December. One of the class-action lawsuits that have since been filed alleges that “inadequate data security measures and cavalier approach to data security” were to blame for the breach.
A few months prior to that incident, a breach at the Hy-Vee chain—again caused by malware—resulted in customer data being stolen from compromised coffee shops, restaurants, and fuel pumps. One report noted that details from over five million customer cards were being offered for sale on the dark web. And, just like in the Wawa breach that followed, it took months before the problem was discovered and fixed. Once again, customer-led legal action soon commenced.
Legacy Problems Need Modern Security Solutions
These types of security breaches are rooted in a wide variety of technology deficiencies. One of the major challenges convenience store chains face is their reliance on virtual private networks (VPNs) to control costs while connecting remote locations and deploying new applications.
The problem is, the rapid adoption of mobility, big data, social media, cloud services, and the Internet of Things (IoT) means VPNs are themselves becoming too complicated to secure and increasingly vulnerable to cyber threats.
While data center security is evolving to better protect sensitive assets by embracing multi-layered solutions, many remote sites are left without the same levels of protection. These points of vulnerability make them ideal targets for cybercriminals and raise the difficult question of how to extend data center-grade security to remote sites with only limited onsite IT staff and relatively tight budgets.
Secure SD-WAN Shows Its Value
As more applications are deployed for these remote sites, convenience stores need a simpler solution to securely connect them with minimal effort. Many are now deploying secure Software-Defined WAN (SD-WAN) solutions, which are particularly well suited for stemming the tide of cyber threats.
SD-WANs are extremely effective at the network edge, virtualizing WANs so that all network intelligence is handled via software. This flexibility means IT staff can define multiple remote locations simultaneously and then synchronize them using centralized cloud-based policy administration.
This approach helps improve network flexibility while reducing cost and complexity. It also allows IT to automatically roll out software updates and stricter security policies across their highly distributed enterprises.
As a result, secure SD-WANs can dramatically reduce both CapEx and OpEx for IT infrastructure management. By extending the multi-layer security defenses used in the data center all the way to remote locations, secure SD-WANs allow mission-critical applications such as credit card payment and loyalty to coexist with public applications like Wi-Fi on a single network.
Here Are 5 Steps to Take Today
These advantages make SD-WANs particularly useful for convenience stores that need to significantly tighten cybersecurity while still offering their customers the accessibility and innovative shopping experiences they demand. To help prevent data breaches, convenience stores should take an incremental approach to secure SD-WAN deployment with these steps:
- Develop a consistent data connectivity and security program for remote locations.
- Be proactive about protecting customer data across the entire environment.
- Engage key stakeholders to ensure there’s a holistic security approach.
- Start small with a secure SD-WAN pilot project to make sure the existing architecture isn’t disrupted.
- Test, test, and re-test the SD-WAN environment to continually guard against new and emerging cyberthreats.
As cybercriminals employ increasingly sophisticated attacks, convenience stores will continue to be vulnerable if they rely on their existing VPNs. To reduce the risk of being compromised, they should consider SD-WANs as a highly versatile and powerful solution for securing their remote sites.