Blog

Exploitation trends in retail: Securing firewalls and VPNs against growing threats

Skip to Key Ideas Q and A

Introduction: When gaps become gateways

In 2024, many of the most damaging cyberattacks didn’t rely on zero-day exploits or advanced tactics. Instead, they took advantage of unpatched firewalls, outdated VPN appliances, and misconfigured remote access tools—vulnerabilities that might have existed for months or even years. For retailers, these edge systems are essential to day-to-day operations. But when neglected, they become easy entry points for attackers to steal data, deploy ransomware, or disrupt services—often during peak retail cycles. This blog explores the exploitation trends of 2024, why retail remains a high-risk sector, and what top security teams are doing in 2025 to reduce risk and strengthen resilience.

What happened in 2024: A quick exploit breakdown

Attackers are targeting the edge

Firewalls, VPNs, and other edge systems are increasingly treated like buried treasure by attackers—especially when they’re running outdated firmware or exposed to the Internet without safeguards. These aren’t theoretical risks. They’re real-world threats that continue to hit retailers across the board.

A real-world example

Consider a regional grocery chain operating an unpatched Fortinet SSL-VPN vulnerable to CVE-2018-13379—a known exploit with a patch released years ago. An attacker could use this single vulnerability to access internal systems and quietly extract loyalty program data, customer records, and financials—without setting off a single alert.

The bigger pattern

  • Exploits targeting edge infrastructure—like firewalls, VPNs, and public-facing apps—surged in 2024.
  • Retailers with Hikvision camera systems faced risk from CVE-2021-36260, which enabled remote code execution inside internal networks.
  • These exploits were often combined with phishing or credential stuffing to establish a foothold before moving laterally.

Bottom line: If it’s connected, it’s exposed. The retailers that stayed protected were those who treated patching and configuration as business priorities—not background tasks.

 

Why firewalls and VPNs matter more than ever

Firewalls and VPNs are no longer just perimeter tools—they form the security scaffolding of your retail environment. If they’re misconfigured, outdated, or left unmonitored, the consequences can be far-reaching.

Consider this:

  • VPNs control remote access to critical platforms like POS, vendor portals, and financial systems.
  • Firewalls determine what traffic is allowed in and out of your inventory management, ERP, and ecommerce applications.
  • If either threshold is breached, attackers can silently install malware, escalate access, or siphon off data—sometimes for weeks before being detected.

 

How smart retailers are securing their networks in 2025

Here are the key strategies top-performing retailers are using to stay ahead of edge exploitation:

  1. Patch early. Patch often.

  • Apply critical security patches within 72 hours of release—especially for Internet-facing systems.
  • Prioritize high-severity CVEs targeting firewalls and VPN appliances, such as Fortinet, SonicWall, or Palo Alto.

  1. Automate where possible

  • Use centralized vulnerability scanning and patch management tools to eliminate blind spots.
  • PDI’s automated patching helped one fashion brand reduce exploitable vulnerabilities by 85% in less than two quarters.

  1. Deploy AI-powered intrusion prevention

  • Use AI-driven intrusion prevention systems (IPS) to detect and block abnormal activity—not just known signatures.
  • A national home goods retailer avoided $4 million in downtime by using AI-powered IPS rules to stop lateral movement attempts in real time.

  1. Adopt a zero-trust approach

  • Treat all traffic—including internal—as untrusted until verified.
  • Segment your network so POS systems, vendor platforms, and employee tools operate in isolation unless explicitly required.
  • This limits the blast radius of any breach and helps stop lateral movement early.

  1. Audit vendor and third-party integrations

  • Require vendors to meet minimum security requirements, including patching and access controls.
  • Regularly review third-party systems—such as HVAC, surveillance, or shipping platforms—for security risks.
  • Ensure those systems are segmented from your core retail environment.

 

Bonus: Your retail-ready firewall and network security checklist

Before you launch your next seasonal promotion, loyalty campaign, or e-commerce push, make sure these essentials are in place:

Firmware is up to date. All firewalls, VPNs, and edge appliances are running the latest patches.

MFA is enforced. Multi-factor authentication is required for all remote and administrative access points.

IPS is deployed and tuned. Your intrusion prevention system is aligned with your environment and blocking abnormal activity.

Third-party systems are isolated. HVAC, surveillance, shipping, and other vendor tools are segmented and scanned regularly.

Scans and reviews are scheduled. Weekly vulnerability scans and monthly patch audits are on the calendar—and enforced.

Response roles are clear. Your team knows who to call (internally and externally) when suspicious activity appears.

 

Conclusion: Infrastructure deserves attention, too

It’s easy to focus on what customers see—POS upgrades, loyalty apps, and inventory AI. But behind every seamless retail experience is infrastructure that works—and protects your business.

Firewalls, VPNs, and network segmentation aren’t just IT concerns. They’re the foundation of operational resilience, data integrity, and customer trust.

Want to arm yourself with knowledge? Get a free, customized threat assessment for your retail business here.

Key Ideas Q and A

Q: What types of cyberattacks hit retailers the hardest in 2024?
A: In 2024, many major retail cyberattacks succeeded not through advanced tactics, but by exploiting outdated firewalls, unpatched VPNs, and misconfigured edge systems.

Q: Why are edge systems like firewalls and VPNs such big targets for attackers?
A: Edge systems such as firewalls and VPNs often control access to critical retail systems, making them high-value targets if they’re outdated, exposed, or misconfigured.

Q: What can happen if retailers fail to patch known vulnerabilities?
A: Unpatched vulnerabilities—like CVE-2018-13379 in Fortinet SSL-VPNs—can allow attackers to infiltrate networks, exfiltrate customer data, and remain undetected for weeks.

Q: What security risks do third-party systems pose to retailers?
A: Third-party tools like HVAC or surveillance systems often lack strong security controls and can be exploited if they aren’t segmented or regularly reviewed.

Q: What are the top strategies retailers are using to stop edge-based attacks in 2025?
A: In 2025, leading retailers are patching critical systems within 72 hours, using automated scanning tools, deploying AI-powered intrusion prevention, adopting zero-trust architecture, and enforcing vendor security controls.

Q: How does AI help prevent network breaches in retail?
A: AI-powered intrusion prevention systems help detect and stop abnormal behavior—like lateral movement or privilege escalation—before attackers gain control.

Q: What should be on every retailer’s firewall and VPN security checklist?
A: A solid security checklist includes updated firmware, enforced MFA, tuned IPS, isolated vendor systems, scheduled vulnerability scans, and clear response protocols.

Request your free threat assessment.

Back to top ↑

{
“@context”: “https://schema.org”,
“@type”: “FAQPage”,
“mainEntity”: [
{
“@type”: “Question”,
“name”: “What types of cyberattacks hit retailers the hardest in 2024?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “In 2024, many major retail cyberattacks succeeded not through advanced tactics, but by exploiting outdated firewalls, unpatched VPNs, and misconfigured edge systems.”
}
},
{
“@type”: “Question”,
“name”: “Why are edge systems like firewalls and VPNs such big targets for attackers?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “Edge systems such as firewalls and VPNs often control access to critical retail systems, making them high-value targets if they’re outdated, exposed, or misconfigured.”
}
},
{
“@type”: “Question”,
“name”: “What can happen if retailers fail to patch known vulnerabilities?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “Unpatched vulnerabilities—like CVE-2018-13379 in Fortinet SSL-VPNs—can allow attackers to infiltrate networks, exfiltrate customer data, and remain undetected for weeks.”
}
},
{
“@type”: “Question”,
“name”: “What security risks do third-party systems pose to retailers?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “Third-party tools like HVAC or surveillance systems often lack strong security controls and can be exploited if they aren’t segmented or regularly reviewed.”
}
},
{
“@type”: “Question”,
“name”: “What are the top strategies retailers are using to stop edge-based attacks in 2025?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “In 2025, leading retailers are patching critical systems within 72 hours, using automated scanning tools, deploying AI-powered intrusion prevention, adopting zero-trust architecture, and enforcing vendor security controls.”
}
},
{
“@type”: “Question”,
“name”: “How does AI help prevent network breaches in retail?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “AI-powered intrusion prevention systems help detect and stop abnormal behavior—like lateral movement or privilege escalation—before attackers gain control.”
}
},
{
“@type”: “Question”,
“name”: “What should be on every retailer’s firewall and VPN security checklist?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “A solid security checklist includes updated firmware, enforced MFA, tuned IPS, isolated vendor systems, scheduled vulnerability scans, and clear response protocols.”
}
}
] }

Have you registered for our next event?

View Upcoming Events
Contact Us