Retail measures

by Mark Rowe

We are fast approaching the busiest period in the shopping diary. However, as millions of consumers hunt for a bargain in the lead-up to Christmas, all eyes will be on retailers to ensure that their customers’ shopping experience is as seamless and, most importantly, secure as it can be, writes Ross Brewer, pictured, vice president and managing director of international markets, LogRhythm.

It’s been another tough year for big businesses, with the likes of Moonpig, TalkTalk and Vodafone all falling victim to large-scale data breaches. Retailers subsequently have a lot to prove when it comes to showing consumers that they are taking these threats seriously.

A shift is needed in the way network security is addressed. Indeed, retail organisations need to realise that traditional defences are incapable of adapting quickly to emerging threats, rendering them inadequate when faced with today’s rapidly evolving threat landscape. While perimeter security tools undoubtedly still have a role to play in reactively defending networks, they will not stop sophisticated hacks aimed at stealing valuable information. Instead, retailers must be more proactive and ensure they have full visibility into their networks.

Identifying malicious behaviour indicative of an initial compromise or attempted data breach requires the entire payment infrastructure to be properly instrumented and monitored for anomalous activity. This includes everything from point-of-sale (POS) system endpoints to the payment processor, as well as all back-office and network infrastructure. For example, when a piece of malware is installed on a POS system, it might initiate suspicious process activity and/or make changes to the POS’s file system. Other indicators might include a user unlawfully trying to gain access to a back-office server hosting sensitive customer data, or multiple attempted log-ins from an unauthorised user on a customer’s online account. All of these scenarios will reveal inconsistent activity, which, when properly monitored and analysed, will alert organisations to an attempted breach.

POS protection

No-one wants to be in the position Target found themselves in two years ago, when 40 million customers’ credit card details were stolen from POS devices over the Black Friday weekend. For POS systems, certain attributes should be monitored to accurately identify when malicious activity is taking place. POS endpoints should all run the same set of processes, and their file systems should look identical to one another and should only change during scheduled updates. If they are not all completely identical, malware will likely be present on a system.
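The fleet-consistency check described above, as an added example (not from the article or from any vendor product): it takes the most common process-and-file fingerprint across POS endpoints as the baseline, reports every endpoint that deviates, and raises an alert only when the drift falls outside a scheduled update window. The snapshot format, hostnames, paths, hashes and timestamps are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

def fingerprint(snap):
    """Hashable view of one endpoint: process names plus (path, hash) pairs."""
    return frozenset(snap["procs"]), frozenset(snap["files"].items())

def fleet_baseline(snapshots):
    """Treat the most common fingerprint across the fleet as the expected state."""
    counts = Counter(fingerprint(s) for s in snapshots.values())
    (procs, files), n = counts.most_common(1)[0]
    if n <= len(snapshots) / 2:
        raise ValueError("no majority baseline; fleet too inconsistent to compare")
    return procs, files

def find_drift(snapshots, windows):
    """Return {endpoint: finding} for every endpoint that differs from the baseline."""
    base_procs, base_files = fleet_baseline(snapshots)
    findings = {}
    for host, snap in sorted(snapshots.items()):
        procs, files = fingerprint(snap)
        if procs == base_procs and files == base_files:
            continue
        findings[host] = {
            "extra_procs": sorted(procs - base_procs),
            "missing_procs": sorted(base_procs - procs),
            "changed_files": sorted({path for path, _ in files ^ base_files}),
            # Drift outside a scheduled update window is what warrants an alert.
            "alert": not any(s <= snap["seen"] <= e for s, e in windows),
        }
    return findings

# Constructed sample data: hostnames, paths, hashes and times are made up.
T = datetime(2015, 11, 27, 14, 0)
GOOD = {"procs": {"pos.exe", "printsvc.exe"},
        "files": {"C:/pos/pos.exe": "h1", "C:/pos/cfg.ini": "h2"}, "seen": T}
SNAPSHOTS = {
    "pos-01": GOOD, "pos-02": GOOD, "pos-03": GOOD,
    "pos-04": {"procs": {"pos.exe", "printsvc.exe", "upd32.exe"},
               "files": {"C:/pos/pos.exe": "h1", "C:/pos/cfg.ini": "h2",
                         "C:/temp/out.dat": "h9"}, "seen": T},
    "pos-05": {"procs": {"pos.exe", "printsvc.exe"}, "seen": datetime(2015, 11, 29, 2, 30),
               "files": {"C:/pos/pos.exe": "h7", "C:/pos/cfg.ini": "h2"}},
}
WINDOWS = [(datetime(2015, 11, 29, 2, 0), datetime(2015, 11, 29, 4, 0))]

if __name__ == "__main__":
    for host, finding in find_drift(SNAPSHOTS, WINDOWS).items():
        print(host, finding)
```

Majority voting only works while most of the fleet is clean, so in practice the baseline is better pinned to a signed golden manifest than derived from the endpoints themselves.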

In many cases, organisations’ POS endpoints also communicate with third-party payment processors and back-office systems that might serve a variety of purposes, particularly within larger organisations. They might aggregate transactions from multiple POS endpoints for processing, allow a customer to sign up for e-mail alerts, keep track of purchases for tracking loyalty programmes, or simply update information in an inventory tracking system. Although back-office systems don’t always process credit card data, the fact that they are generally authorised to communicate with POS endpoints makes them viable attack vectors. Furthermore, other personal data may be residing on these systems and need to be protected along with credit card details.

Intelligent

In addition to POS and back-office systems, online activity and network communications between components in the card processing chain need to be tightly controlled and monitored, a process that is specifically mandated by PCI-DSS. It’s also important that security teams have as much information as possible to quickly evaluate threats to understand the level of risk, as well as whether an incident has occurred. This requires intelligent security systems. With time increasingly of the essence, it is critical that, rather than simply scanning for threats and raising an alarm if something suspicious is identified, these systems are able to deliver actionable insight with supporting forensic data and contextually rich intelligence. Not only does this ensure that the right information is delivered at the right time, to the right people, but it guarantees that the appropriate context will be attached, significantly decreasing the amount of time it takes to detect and respond to threats. What’s more, not only does this provide rich intelligence on security incidents, but continuous monitoring of the network infrastructure will also allow retailers to see if there are any technical issues that need attention.

Most retailers know by now that they cannot afford to take shortcuts when it comes to cyber security. With breaches now a case of when, not if, it’s essential that they are on high alert at all times – particularly during busy shopping periods. In a nutshell, it’s essential they have tools that continuously monitor for suspicious activity across all of their network infrastructure so that a potential breach can be identified and mitigated before any damage has been done. Despite growing concerns over the cyber threat, consumers are still spending a huge amount of money in store and online, but retailers cannot take this for granted. It only takes one data breach to damage a company’s reputation, which can have a significant long-term effect on the bottom line.

© 2024 Professional Security Magazine. All rights reserved.