More sales traffic traversing more channels than ever before means more opportunities for hackers to launch advanced cyber-attacks and infiltrate retail networks. Highly distributed and hybrid retail environments, combined with new endpoints like kiosks, BYOD, Internet of Things (IoT), mobile point-of-sale (mPOS) and Wi-Fi, create an expanded attack surface that is attached to massive amounts of customer data. Faced with today’s rapidly evolving security threatscape, you can no longer rely on a legacy “check the boxes” security approach.
Cybercrime aimed at retailers is highly lucrative, making retailers of every size and ilk attractive targets. The combination of increased accessibility and easily monetized sensitive data provides a Pandora’s box of opportunities that cybercriminals find irresistible. Unfortunately, the patchwork security architectures found in many retail enterprises are unable to defend against attacks that are increasing in both number and sophistication.
So, what’s a retailer to do? Make next-generation security defenses a priority – now.
Focus on developing an adaptive security architecture that provides agile layers of security while reducing complexity. If you haven’t already done so, take a closer look at cloud-based solutions, as well as hosted services offered by managed service providers (MSPs). Finding the right provider and solutions can help elevate your security posture and better protect both customer data and your brand integrity.
Plus, deploying and configuring less security hardware in-house means your IT team can spend more time on in-store innovations that provide the best customer experience possible. But be aware: introducing the latest technology innovations can lead to increased security exposure.
With that in mind, here’s what you need to know to fortify your defenses:
5 Key Threats to Retail Security
- IoT Vulnerabilities
The rapid proliferation of IoT devices continues to drive increased security challenges within the retail environment. Many devices are difficult to defend and contain flawed or inadequate internal security controls, making them extremely vulnerable to attacks and infiltration. Forrester predicts half a million IoT devices will be compromised in 2017.
Protecting IoT endpoints in the store environment starts with securing access methods to the internet. You must properly segment various store network subnets to limit the attack surface and enable IoT devices to communicate only with white-listed IP addresses. Any unapproved connections should alert you to potential malicious activity.
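The allow-list check described above, sketched as an added example (not from the original article): it reads flow records, keeps those sourced from IoT subnets, and alerts on any destination or port outside the approved list. The subnets, allow-list entries and flow-log format are constructed assumptions.

```python
import ipaddress

# Assumed (constructed) store layout: IoT VLAN subnets and approved destinations.
IOT_SUBNETS = [ipaddress.ip_network(n) for n in ("10.20.30.0/24", "10.20.31.0/24")]
ALLOWLIST = {  # destination network -> approved destination ports
    ipaddress.ip_network("203.0.113.10/32"): {443},        # hypothetical vendor cloud
    ipaddress.ip_network("198.51.100.0/28"): {443, 8883},  # hypothetical MQTT brokers
    ipaddress.ip_network("10.20.0.5/32"): {53, 123},       # internal DNS/NTP
}

# Constructed flow records: "timestamp src dst dport proto"
SAMPLE_FLOWS = """\
2017-03-01T09:00:01Z 10.20.30.14 203.0.113.10 443 tcp
2017-03-01T09:00:02Z 10.20.30.14 10.20.0.5 53 udp
2017-03-01T09:00:07Z 10.20.31.8 198.51.100.3 8883 tcp
2017-03-01T09:01:12Z 10.20.30.22 192.0.2.77 23 tcp
2017-03-01T09:01:13Z 10.20.30.22 10.20.40.9 445 tcp
2017-03-01T09:02:00Z 10.20.50.3 192.0.2.77 443 tcp
2017-03-01T09:02:30Z 10.20.31.8 203.0.113.10 80 tcp
garbage line
"""

def find_violations(flow_text):
    """Return (alerts, malformed_count) for IoT-sourced flows outside the allow-list."""
    alerts, malformed = [], 0
    for line in flow_text.splitlines():
        try:
            ts, src, dst, dport, proto = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            malformed += 1  # wrong field count, bad address or bad port
            continue
        if not any(src_ip in net for net in IOT_SUBNETS):
            continue  # source is not on an IoT segment; out of scope for this check
        # Both the destination and the port must be approved, so an approved
        # host contacted on an unexpected port still raises an alert.
        if not any(dst_ip in net and port in ports for net, ports in ALLOWLIST.items()):
            alerts.append({"time": ts, "src": src, "dst": dst, "port": port, "proto": proto})
    return alerts, malformed

if __name__ == "__main__":
    alerts, bad = find_violations(SAMPLE_FLOWS)
    for a in alerts:
        print("ALERT unapproved IoT connection: {time} {src} -> {dst}:{port}/{proto}".format(**a))
    print(f"{len(alerts)} alerts, {bad} malformed lines skipped")
```

Because internal addresses are only approved when listed, a flow from an IoT device to another store subnet is flagged the same way as an unapproved internet destination.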
– Only 10% of enterprises feel confident in securing IoT devices against hackers
- Ransomware
Ransomware attacks continue to increase, growing to 638 million attacks in 2016. You need to be prepared and ensure you have robust disaster recovery capabilities in place if critical data is hijacked. Many enterprises are leveraging the cloud as the preferred platform for backup recovery rather than their internal data centers due to the resiliency and accessibility of cloud environments.
To bolster security defenses, you can leverage private connectivity (Layer 1 or Layer 2) from your data centers to leading cloud service providers like AWS, Azure or Google, for increased security and enhanced efficiencies when conducting data backups and transfers.
- Malware Infections
While malware attacks decreased slightly in 2016, malware remains a popular business for cybercriminals. Bad actors are still creating malware strains at a breakneck pace to invade networks and target point-of-sale systems, vulnerable IoT devices and Wi-Fi systems.
You can better protect your customer data and valuable IP by moving to next-gen, cloud-based firewalls with advanced malware detection capabilities to scan, block and report on malicious code found in network traffic. Layering on actionable threat intelligence to track two-way network communications also enables you to quickly respond to potential threats when suspicious or malicious activity is detected.
– 197 days – average amount of time it takes for a retailer to detect an advanced exploit in their environment
- DDoS Attack Escalation
Large-scale distributed denial-of-service (DDoS) attacks continue to evolve in size, frequency and sophistication, forcing retailers to deploy more robust DDoS defenses to fight back. One of the largest DDoS attacks in 2016 was over 600 Gbps, fueled by the Mirai IoT botnet, which continues to infect devices globally. In fact, 7 out of the 12 largest DDoS attacks with traffic greater than 100 Gbps were attributed to Mirai in Q4 of last year.
The ability of bad actors to conduct large-scale attacks highlights a growing baseline and requires the reevaluation of a retailer’s current DDoS defenses. Additionally, cyber extortion — where companies must pay an extortion fee or risk a crippling DDoS attack — is on the rise for retailers, making DDoS mitigation a top priority for investment.
- Vulnerability and Patch Management
It’s not a matter of if a retailer will be compromised, but when. You should enlist the help of professional security services to conduct comprehensive network and application vulnerability assessments and penetration testing to identify weaknesses and shore up an organization’s defenses. Such services can help uncover vulnerabilities and network security gaps, as well as kick-start building more effective remediation and response plans.
Additionally, deploying patch and vulnerability management software can aid IT security teams and reduce the manual burden of data analysis.
– 86% of websites contain at least one serious vulnerability
The bottom line for merchants in 2017? Implement next-gen, adaptive security technologies that can help detect and protect against the latest cyber threats and attack vectors. As fraudsters find new methods to invade the omnichannel, a comprehensive security stance that integrates across your retail network will help you fight back.