Retailers have what cybercriminals want - a never-ending supply of payment card data. Unfortunately, as a number of headline-grabbing breaches show, many well-known retailers have failed to stop attackers from gaining access to their payment data systems.
Why are attackers so successful at compromising companies in the retail sector?
Competitive Pressures Change the Landscape
In response to seismic shifts taking place in the competitive landscape, retailers are under pressure to evolve their business model. Winning their share of the customer's wallet requires retailers to adopt innovative technology. While the introduction of new technology helps retailers compete, it also provides attackers with new weaknesses to exploit.
Before the competitive environment shifted, networks were built to support point-of-sale (POS) systems connecting to back-end servers and the corporate wide-area network (WAN). Malicious actors often seek to compromise those corporate WANs first. In some cases, POS systems even have Internet access to enable remote operations or support.
In addition, larger retailers often allow their facility management systems, such as their heating, ventilating, and air conditioning systems, to connect to their networks. Retailers may also provide intranet and Internet access for employees and guest Wi-Fi access. Again, all of these are connected to the retailer's IT environment.
Enter the cybercriminal. While the customer welcomes new technology with open arms, so too does the cybercriminal, but for entirely different reasons.
Since many retailers still rely on commodity hardware, software and legacy operating systems built around the POS system, attackers can use relatively straightforward tools and tactics to breach the network and grab data. With each new connection, attackers have a new attack vector to pursue.
Retailers cannot avoid innovation. Cybercriminals thrive when retailers innovate. What can retailers do to stop cybercriminals from breaching their defenses?
Revisiting IT Security Practices
Stopping cybercriminals from stealing data requires a reassessment of a retailer's IT-related security risk. In order to gather a detailed understanding of the threats they face and the steps needed to manage and mitigate such risk, retailers often turn to third-party security vendors.
Asking security providers to answer the following three questions can help retailers uncover vendors best equipped to meet their needs.
Question #1: Can your solutions support multiple locations?
For retailers with stores throughout the country, and sometimes around the world, cloud-based security solutions offer many advantages over on-premises solutions. Cloud-based solutions also allow merchants to scale their operations to reflect increases and decreases in the number of stores. In addition, establishing how the solution handles high-risk traffic within the store network can help determine how much demand the security vendor will place on the IT infrastructure.
Question #2: Does your solution include advanced security capabilities?
Cybercriminals create and employ a variety of techniques to gain access to a retailer's network. A dynamic security solution that reflects the latest threat intelligence plays a critical role in stopping attackers. Also, the ability to integrate with existing security layers, such as anomaly detection, is an important factor as it helps the retailer gather information in a central location and develop actionable intelligence to prevent attacks.
Question #3: What reporting capabilities does your solution include?
Robust reporting can help retailers accomplish several important goals such as management and compliance-related reporting, and bandwidth consumption analysis. It may also provide market intelligence regarding the use of guest Wi-Fi to compare in-store pricing with online and traditional retailers.
Innovation is Here to Stay - So Are Cybercriminals
Customer expectations and competitive pressures will continue to justify increases in the investment in and adoption of technology within the retail sector. With the emergence of new business models supported by the Internet, retailers will continue to face a never-ending stream of challengers for share of the customer's wallet.
Since merchants capture a tremendous volume of payment card and personal data to derive their revenue, they will always attract sophisticated cybercriminals. While retailers continue to adopt new forms of technology to meet customer expectations, behind the scenes many employ commoditized and subsequently insecure IT infrastructure.
In light of the pervasive threats they face, retailers may choose to engage third-party security vendors to assess and harden their networks. The questions detailed in this post can help them begin the process of uncovering qualified vendors.
Time is of the essence. Retailers will continue to gather credit card data. As long as they do, cybercriminals will be ready to steal it.
For more on solutions providing intelligent cybersecurity for the real world, visit www.cisco.com/go/threat-centric to learn about the industry's broadest portfolio of security solutions covering the broadest set of attack vectors.
Paul McCormack, CFE, is a freelance business writer and consultant. His areas of expertise include accounting, banking, cloud computing, corporate governance, corruption, cybersecurity, executive protection, fraud, intellectual property and money laundering.