Industry Professional

Retail Under Fire

What makes enterprise-level merchants vulnerable to cyberattacks?

A recent data security report, published by Thales, revealed that 62 percent of all retailers worldwide have experienced a data breach within the past year. This alarming report provides evidence that retailers are prime targets for cyberattacks, and hackers have shifted the focus to exploit any system housing sensitive customer information that is not properly protected regardless of a company’s size.

While it can be almost impossible to predict how cyberattacks will evolve, understanding current cyber trends and vulnerabilities can greatly help retailers to swiftly improve their cybersecurity posture and significantly reduce risk. Read on to learn about the top three threats affecting the retail industry today and what can be done to neutralize or eliminate risk altogether.

Cloud and IoT

Over the past few years, many enterprise retailers have adopted technologies to streamline outdated business processes and greatly improve the customer experience. While popular technologies like cloud-based applications and other connected devices can certainly help an organization evolve towards a more convenient, customer-centric purchasing model, but it can also create additional data security vulnerabilities where traditional security tactics are no longer effective.

To mitigate the risk of exposing data in clear text throughout a growing system, it is important to take time and understand the overall data flow for sensitive information, such as how information enters the environment, what networks it traverses (data in transit), which applications or people handle the data and how data is being stored (data at rest). Once the information flow is understood endto- end, a multi-level security strategy can be identified to protect it.

A sound multi-level security strategy is made of three components:

A diagnosis. Identifying the data protection challenges and clearly understanding how it can affect a business.

A guiding policy. Defining what must be done at from a high-level to counter act the identified data security challenge.

Coherent actions. These are the objectives and assigned resources dedicated to executing the objectives within the guiding policy to achieve the strategy.

What is the best approach to a multi-level security strategy for sensitive data? Most industry experts agree, it is an approach using a combination of data tokenization, Point-to-Point Encryption (P2PE), standard data encryption, proactive data flow analysis (what worked previously might not work today), continuous training for handling sensitive data and proactive vulnerability monitoring and patching.

Using tokenization alone won’t keep a hacker from breaching a system, but can drastically reduce a data breach impact. Tokenization works by replaces sensitive data, like credit card numbers, with a valueless token useless to a criminal seeking to steal credit card information.

When combining data tokenization with P2PE, a solution that protects sensitive data with encryption the moment it’s captured throughout the full lifecycle, an enterprise can prevent the use of sensitive data for fraudulent activity in the event that a retailers system or network is breached.

PoS Malware

Point-of-Sale (PoS) malware is designed to extract credit or debit card data from a retailers POS environment and then send it back to a command-and-control (C&C) server run by hackers. In recent months, there have been a number of POS attacks around the globe that convinced users to open malicious documents that automatically download malware locally. This malware is then spread across the enterprise’s network to take over POS systems and other applications.

Keeping software up-to-date and restricting internet access are great first steps in protecting POS systems, but ultimately devaluing sensitive data and implementing a solid multi-level security strategy remains the best defense against cybersecurity threats for the enterprise.

Skimming

EMV Chip and PIN adoption has grown significantly over the past year; shockingly not all retailers have adopted the two security tactics. According to experts, the uneven rollout has not gone unnoticed by hackers. There is available data (reports, videos online) for creative ways used by hackers to implement skimming devices at selfcheckout lines. These hacking methods are being executed using organized methods.

Effective data security requires a proactive and practical multilevel security strategy. Implementing P2PE/EMV technology for credit card transactions eliminates the impact associated with device skimming. Hackers are very creative and will continue to evolve their methods to expose and steal valuable information for maximum disruption or profit. The more vigilant and proactive businesses remain about data security, the better they will be at identifying these threats and mitigating attacks.

This article originally appeared in the November 2017 issue of Security Today.

Featured

  • Survey: Less Than Half of IT Leaders are Confident in their IoT Security Plans

    Viakoo recently released findings from its 2024 IoT Security Crisis: By the Numbers. The survey uncovers insights from IT and security executives, exposes a dramatic surge in enterprise IoT security risks, and highlights a critical missing piece in the IoT security technology stack. The clarion call is clear: IT leaders urgently need to secure their IoT infrastructure one application at a time in an automated and expeditious fashion. Read Now

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

Featured Cybersecurity

Whitepapers

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3