In 2018 alone, enterprise retailers such as Saks Fifth Avenue, Lord & Taylor, Sears and Under Armour have fallen victim to major data breaches targeting consumers. The online retail industry has become a prime hunting ground for cyber criminals, especially with new payment technologies that are transforming the way consumers shop, whether it’s online, via mobile or in-store. These technologies provide new entry points for cyber criminals, who use various techniques to easily slip past legacy security solutions and security teams.
In addition to storing critical transactional data, retailers are now storing large volumes of business-related data, pertinent for operations, business management, procurement and logistics. When there's valuable consumer information and enterprise business data to steal and profit to be made, cyber criminals won’t be too far behind.
Retailers Continue to Fall Victim
In 2017, research showed that retailers were among the most preferred prey for cyber criminals seeking customer data. These threat actors are no longer relying on traditional attack vectors like malware to get into the environment. New trends including credential theft and advanced exploits mean that legacy antivirus solutions no longer suffice in protecting against targeted attacks.
These threats aren’t only for online shoppers. Consumers need to think twice about handing over their credit card details in-store as well. The risk here is that point-of-sale (POS) terminals are rife with payment data, which holds value on the dark web. Attackers plant malware on POS systems primarily to steal customer payment data.
Retailers Can Fight Back
There are a number of cyber practices and tools that can help retailers build a stronger defense system. Retailers need to implement solutions that provide real-time visibility into what's happening in their network to identify and mitigate an intrusion before it becomes a breach. Research shows that in 2017 the average attacker’s breakout time was one hour and 58 minutes, and it continues to narrow as attacks grow more sophisticated. This means that once an intruder compromises a network, they can move laterally to other machines within the network in less than two hours. Retail security operations professionals have this very small window of time to detect threats, investigate, contain and then remediate the incident before it becomes a breach.
Retailers should also evaluate third-party suppliers and business partners based on the risk they present to the business to prevent supply chain vulnerabilities. Attackers are increasingly targeting the IT supply chain and partner networks since they generally have fewer security controls in place. Self-certification processes are proving less reliable, so retailers should shift to proactive cyber-risk monitoring and mitigation with suppliers to reduce third-party risk.
Retailers should adopt these basic cyber hygiene practices for more robust security:
- Determine where your most sensitive data and networks are located and implement endpoint detection and response technology. Focus your limited resources on those areas of the network that are most vital to the health of your business. This will enable organizations to identify irregular activity and eliminate “silent failure” — i.e., the gap between when an intrusion begins and when it’s discovered. Any and all connections to the internet from your retail corporate environment should be monitored to identify data leaving the network.
- Default passwords should never be used, especially for hardware devices that can allow direct access to critical data. Retailers should require strong passwords for all users, including default or built-in accounts. Identity and credential management is critical to stronger security.
- Patching operating systems and third-party applications is one of the most inexpensive and effective ways to harden a network, freeing your resources to be spent on detecting advanced adversaries. By building a strong patch management process, you can ensure critical security patches are installed as soon as possible.
- Next-generation antivirus (NGAV) is critical to being able to detect and prevent malware on POS terminals. Unlike traditional AV, effective NGAV doesn't rely on constant, reactive signature updates, which allows businesses to detect and stop attacks, even those that are unprecedented.
In 2017, the average cost of a data breach was $3.62 million, not to mention the impact of negative press and a damaged reputation. It's essential for retailers to strengthen cyber security to not only reduce risk, but ensure customer loyalty. Attackers will continue to adapt their techniques to take advantage of legacy technologies such as ineffective antivirus solutions or unsecured payment systems. Retailers must evolve their security platforms to withstand potential attacks and recover quickly from a security event.
Dan Larson is the vice president of product marketing at CrowdStrike, a provider of next-generation endpoint protection, threat intelligence and incident response through cloud-based endpoint protection.