With the rapid growth of mobile devices, cloud-based applications, credit card purchases, and the Internet of Things (IoT), maintaining network security is more difficult, and more important, than ever before, says Cradlepoint EMEA Vice President, Hubert Da Costa.
Although the retail landscape is becoming increasingly distributed, bricks-and-mortar is experiencing a sustained resurgence. Some of the world’s largest online retailers, including Alibaba and Amazon, are testing in-store strategies, and IBM has predicted that buying locally will surpass online buying by 2018 — thanks to cloud-based systems, big data, and predictive analytics.
A new day, a new threat
While this is undoubtedly good news for retailers, the increasingly complex networks required to manage the new ‘connected’ customer experience can increase retailers’ exposure to cyber threats. Data from the National Crime Agency suggests cybercrime accounts for more than half of crimes committed in the UK, and the retail industry is often targeted for its wealth of customer financial data. Some of the most high-profile data breaches in recent years have caused significant reputational damage to a number of leading retail brands.
Data breaches come in all shapes and sizes, and research is showing an increasing prevalence of ransomware targeted specifically at businesses. A recent report from Kaspersky Lab found that ransomware attacks on business increased three-fold between January and September 2016. This equates to an increase from attacks every two minutes to one every 40 seconds.
While the increase in attack frequency is concerning, more serious still is the increase in threat diversity and sophistication. From January to September 2016, 62 new ransomware families were detected, and individual modifications within these families increased from 2,900 to 32,091.
While threats to cybersecurity will continue to increase, there are a number of best practices retailers can adhere to that will mitigate network security risks and protect customer information.
- Educate end users
From passwords to phishing, educating employees early and often is one of the most effective ways to mitigate cybersecurity risks. If a phishing email reaches an employee inbox, that employee’s vigilance can be the last line of defence. This has become even more relevant during the last year, as attackers are increasingly combining phishing with ransomware attacks. The PhishMe Q3 Malware Review found the amount of phishing emails containing a form of ransomware grew to 97.25 per cent during the second half of 2016, up from 92 per cent in the first.
Phishing emails are becoming increasingly personalised and harder to identify. The Verizon 2016 Data Breach Investigations Report found that 30 per cent of phishing messages were opened in 2016, up from 23 per cent in 2014. 12 per cent of targets then went on to open the malicious attachment or click the link.
Users should be advised not to click on URLs or download email attachments unless they are certain they can identify the person who sent it. Wherever possible, employees should avoid connecting to public Wi-Fi networks on work-issued devices, as many threats, such as ‘quiet malware’, can infiltrate and remain undetected for long periods of time.
- Deploy parallel networking
In 2016, fast food company Wendy’s fell victim to a Point-of-Sale (POS) system attack. 300 of its franchised stores were infected with malware designed to steal payment card data and despite identifying the breach in January, payment card data was reportedly still being leaked almost four months later. Data breaches increased 40 per cent in 2016, and this case demonstrates the severity of a network breach that targets payment card data.
Distributed enterprises should create parallel networks, designating each application to its own isolated network, also known as air-gapped networks. This physical separation of the network prohibits attackers from using a compromised device or network segment to pivot to other applications within the network that hold sensitive data.
- Ensure comprehensive PCI Compliance
Organisations that process credit card information must make sure every aspect of their operation meets PCI DSS guidelines – from policies and procedures to servers, POS devices and network devices. When using 4G LTE solutions, networking can often be missed in this assessment. It is crucial that the network provider meets these requirements if payments are being processed through the network.
- Remotely manage the network’s edge from the cloud
IDC forecasts that 79 per cent of mobile devices in the distributed enterprise would be employee liable in 2017. Using a remote cloud management tool can reduce the additional burden this places on network managers. Cloud management tools can be used to automate network security configurations and checklists, such as PCI DSS Compliance, while also providing geofencing and location services – even for remote branch offices.
- Require BYON
In the Bomgar 2016 Vendor Vulnerability Index, IT professionals reported that on average, 89 third-party vendors access their company’s network every week. 69 per cent admitted they had either definitely, or probably, suffered a breach during the last year as a result of vendor access.
With an increasing reliance on third party vendors, these statistics should serve as a stark warning to retailers that invite kiosks, partner retailers or temporary pop-up entities into their stores and onto their networks. Companies can reduce risk by requiring third parties to ‘bring your own network’ (BYON). 4G LTE solutions are ideal for these situations and can run parallel to the company network without impacting security.
- Vigilantly update and patch software; use live threat intelligence solutions
With ransomware and malware changes occurring in such volumes and with increasing regularity, malicious content cannot always be identified and blocked by traditional anti-virus solutions. A recent report by WatchGuard estimates businesses without threat advanced protection miss up to a third of malware. Vulnerability management and threat intelligence providers can run scans and send alerts regarding plugins and programs that require immediate updating as soon as a threat is identified.
While live threat intelligence is a crucial element of network security management, consistently updating and patching software on a proactive basis is equally important. Threat intelligence solutions can be used alongside third party monitoring to assess global threats internally and further increase real-time protection against advanced persistent threat attempts.
- Regularly perform penetration testing
Experian estimates that UK businesses could face £20 billion in fines for failing to protect customers from data breaches once new EU data protection regulations are introduced. Its research suggests UK businesses are “acutely underprepared”, with 17 per cent having lost confidential information in at least one breach over the last two years, and more than half of those experiencing multiple breaches.
The figures highlight how important robust and regular penetration testing is to ongoing network security. Companies should invest in third party testing to provide an unbiased look at potential weak areas in network infrastructure. As part of this, companies should verify that applications within the network have completed their own pen testing.
- Focus on detection and response, not just prevention
No security software solution can successfully prevent every attack, so rapid detection and proper response planning are essential layers of network security.
A comprehensive intrusion prevention and detection system (IPS/IDS) via routing solutions at the network’s edge defends against evasion attacks, improves network availability and protects sensitive data. It also meets PCI DSS Compliance guidelines and is one of the most effective ways retailers can boost network security levels.
- Implement two-factor authentication
The risk of data breach is greatly reduced when company login processes requires a verification code along with the username and password. The most effective way is to combine a verification code delivered to a physical device, such as a mobile phone, with a known password. This prevents unauthorised access even when a password or other account credentials have been compromised. Additional measures, such as timed lockouts for unsuccessful login attempts can further increase security for network access.
While no security measure can guarantee full-proof protection against potential threats, using these best practices as a foundation can significantly minimise the risk of a breach. The retail environment is becoming increasingly distributed, and more ‘connected’ than ever. For retailers, this presents huge opportunities for additional revenue streams, as well as new and exciting ways to enhance customer experience. It also poses increased risk that, if not managed properly, presents real dangers.
Interested in Attending Intersec 2018?