Planning for the Cyber Secure Store in 2018
According to Cisco’s Midyear Cybersecurity Report, security remains one of the most important concerns for retailers as we head into 2018. In the past year alone, security breaches impacted store operations, finance and brand reputation. For those retailers surveyed as part of the study, the results are tangible:
- 54 percent said they had dealt with public scrutiny due to data breaches;
- 32 percent said they had lost revenue due to attacks in the past year; and
- 25 percent said they had lost customers or business opportunities due to attacks.
Considering the significant effects data breaches may have on a retail company, what stands in the way of greater security planning and adoption? Let’s take a look.
IoT: The Double-Edged Sword
In the old days, securing the store network to banks was a lot simpler. Subscriber lines to the banks and point-of-sale terminals was about the extent of what was needed to be protected. In those days, there were no large breaches with credit card identities being stolen.
Things have changed. Advanced attacks are common, and it's reflected in the industry mind-set. Most notably, retail security professionals surveyed said targeted attacks and insider exfiltration pose the highest risks to companies. Sophisticated targeted attacks, like advanced persistent threats (APTs) or phishing attacks, require retailers to distinguish between normal and abnormal traffic patterns, which can vary by day, week or shopping season.
Additionally, Cisco reports that fraudsters are increasingly using Internet of Things (IoT) devices in DDoS attacks. What’s more, recent botnet activity suggests they may be laying the foundation for a wide-reaching attack that could “potentially disrupt the internet itself.”
Specialized architectures, lack of visibility, and lack of patching are huge risks that unfortunately accompany the business benefits of using devices in store networks. Proper segmentation and visibility reduce those risks.
Unfortunately, segmenting and scoping the network continues to be a major challenge. Mobility, cloud and the increasing diversity of devices have stretched the network perimeter. Firewalls, although a likely first step, are no longer sufficient to ensure a secure environment.
Instead, they must work in coordination with a larger, holistic view that ranges from the device to the network to applications. Protecting credit card data, for example, properly requires that the card holder data environment be accurately scoped and subsequently segmented from the rest of the network to be effective in reducing credit card breaches.
What Creates a Cyber Secure Store
Similar to IoT, retail employees contribute significant benefits to overall customer experience. However, they also pose a great weakness to security.
Quite simply, security and network staff cannot respond to all the security alerts they may receive each day. Forty-five percent see several thousand daily alerts, but only 53 percent of those are investigated. Twenty-seven percent of the alerts are deemed legitimate, and only 45 percent of legitimate alerts are remediated.
What’s more, a quarter of retail security professionals surveyed by Cisco said they see lack of training as a major obstacle to adopting appropriate security controls.
Plan and Protect
For retailers, it’s no longer a matter of "if" a data breach will occur, but when. The clock is inevitably ticking, but there are a number of steps companies can take now to help prepare for and protect against these attacks. Consider these five techniques:
- Track how IoT devices are touching the network and interacting with other devices. For example, if an IoT device is scanning another device, that's likely a red flag signaling malicious activity.
- Surround IoT devices with IPS defenses and keep older signatures active.
- Closely monitor network traffic and implement patches in a timely manner.
- Work with vendors that have a product security baseline and issue security advisories to reduce the time to detection.
- Adopt automation to help address any gaps. Certain solutions allows users to quarantine a corrupted network segment to allow for better remediation while protecting.
You can never be entirely safe, but through proper planning, you have a better chance of having a secure store in 2018 and beyond.
Christian Janoff is the enterprise architect at Cisco Security Technology Group.
