While many people will be kicking off their holiday shopping this weekend to take advantage of brick-and-mortar or online deals, unsavory hackers will be working on gaining access to consumers’ personal information through retailers for malicious purposes.
Retailers are often targeted during these peak trading periods when it may be easier for criminals to hide their actions in the traffic. Hackers may use distributed denial of service (DDoS) attacks to flood retailer networks to render them unavailable to customers. They could also look for vulnerabilities in a retailer’s web site and IT operations to exploit by redirecting traffic for online payments to a fraudulent site, or find a gap in cloud security. With the rise of ransomware, retailers are at greater risk than ever this holiday season. Last week’s news about a breach at Forever 21 is a reminder of what can happen if retailers haven’t taken all the steps needed to tighten their security posture.
Below are five steps retailers could take to build up resilience against cyberattacks:
1. Staff awareness: As retailers often hire temporary workers during the holidays, staff training is vital. Staff should be educated on the need to remain vigilant in validating customer identification and in looking for any physical signs of intrusion, such as point-of-sale terminals showing signs of tampering. Staff should know what to do or who to call if they see anything suspicious.
2. Monitoring and detection: Retailers typically have widely distributed networks with many remote locations, plus an online presence, with many points of attack. Monitoring the network and endpoints is essential to detecting threats. Complementing this with threat intelligence data can help identify emerging and popular threats against retailers.
Most retailers would benefit from a centralized threat detection and response platform that can provide security visibility across cloud and on-premises environments, such as AlienVault USM Anywhere™. https://www.alienvault.com/products/usm-anywhere
3. Share threat data: As many criminals share attack methods and hit multiple retailers at the same time, it is useful for retailers to share threat data amongst themselves. This can include malicious techniques and IOCs (indicators of compromise) so they can take pre-emptive steps to thwart attacks.
The retail cyber intelligence sharing center https://r-cisc.org is a good resource for retailers. Additionally, AlienVault Open Threat Exchange (OTX) https://www.alienvault.com/open-threat-exchange is a free, crowd-sourced threat intelligence platform.
4. Implement a response plan: Retailers should implement response plans that take varied threat scenarios into account. These would include technical controls, such as isolating systems or rebuilding servers, or they could be more procedural and communications-based, covering how partners and customers should be notified of an incident.
5. Have a backup plan: Backup procedures should be implemented in the event any systems become unavailable. For example, if the POS terminals are rendered inoperable, there should be alternative off-line means available to take payments.
For consumers, the biggest danger from retail cyberattacks is loss of personal information, such as their Social Security number, date-of-birth, and home address. This information can be used to take control of their assets as well as be sold on black markets like the Dark Web. The best advice for consumers is to more regularly monitor credit, debit and ATM card activity for fraudulent transactions and immediately report anything suspicious.