
Complexity for Retailers Creates Opportunities for Attackers

The retail industry is an increasingly attractive target for criminals looking to steal large amounts of credit card data and quickly monetize it.


Recent high-profile security breaches at major retailers stem from the fact that in-store networks and their components are evolving and spawning a range of attack vectors. These networks were initially built to support Point-of-Sale (POS) systems connecting to back-end servers and the corporate wide-area network (WAN). But today, new technologies and business models are pulling retailers in multiple directions in an effort to remain competitive. In-store networks are now connecting to the Internet and other third-party networks to serve many additional uses, including:

• In-store marketing collateral or systems that allow customers to learn about special offers and product information

• Intranet and Internet access for employees

• Facility management via Internet of Things (IoT) devices connected to monitor heating, cooling, and other process control systems

• Guest Wi-Fi access

• Physical security including alarm systems and camera feeds

Furthermore, POS systems are now commonly connected to the public Internet to enable both remote operations and remote support of an ever-expanding retail footprint. Not all legacy systems were designed to securely handle external connections. Built on commodity hardware, operating systems, and software components, POS systems are easily compromised using relatively unsophisticated methods of attack. Other factors, including increasingly stringent annual PCI-DSS assessments and the IT industry’s growing skills shortage, particularly in the area of cybersecurity, limit the amount of resources retailers can devote to dealing with these dynamic environments. It’s easy to see how retail IT environments are becoming materially more complex and difficult to protect and manage.

Attackers understand all of these factors and are taking advantage of weak security links to gain a foothold within a retailer’s environment and obtain payment card data and other highly sensitive information. In response, retailers need to deploy new security controls on in-store networks to protect against attacks coming via external connections, to provide comparable protection across all store locations, and to granularly control the Internet usage of in-store users and customers. Yet challenging margin realities across the retail industry can make this initiative seem daunting. As many retailers take a fresh look at their IT security practices and solutions, the following three questions for vendors can help identify some important baseline capabilities:

1. How do your solutions support multiple locations? As you evaluate on-premises and cloud-based security solutions, consider that cloud-based deployments can scale to offer protection down to the store level without requiring any additional hardware. These Software as a Service (SaaS) solutions also eliminate many of the management and maintenance headaches and rising costs associated with numerous store locations and lack of on-site technical support. Also look closely at how they handle traffic inspection. Some solutions forward all traffic to a central aggregation point for inspection, consuming considerable amounts of bandwidth. Solutions that offer protection at the store level are able to forward only ‘high-risk’ traffic to the central location for inspection and allow low-risk traffic to pass, which is critical for bandwidth-constrained environments.

2. What types of advanced security capabilities do you provide? Given the kinds of malware and attacks being seen in the retail industry, you must assume a hostile environment. To protect against both known and emerging threats, look for dynamic solutions that offer a variety of techniques to detect malware, including traditional malware signatures as well as file and site reputation and outbreak filters. Dynamic solutions that can integrate easily with complementary defense layers, community-based threat intelligence, and sophisticated behavioral analysis and anomaly detection can identify zero-day threats and provide protection anytime, anywhere a threat is found. The ability to automatically update protections based on the latest intelligence helps retailers adapt in real time to the changing threat landscape despite having a small security team. Solutions that are cloud-based and include protection for roaming users make it easier to enforce consistent policy-based security across stores and users.

3. What reporting options are available and how labor-intensive are they? Template-based reports that are web-based and easy to customize are a baseline for management and compliance documentation. Beyond traditional security data, detailed analysis of bandwidth consumption and utilization provides valuable information to help ensure the efficient use of networks and support innovative technologies, including Guest Wi-Fi. Advanced reporting capabilities that show employee and customer Wi-Fi browsing habits enable you to discover instances of comparison shopping with online retailers as well as unacceptable content and potentially block such activity.

There’s no limit to the technological complexity retailers face in the battle for share of wallet. New business models, innovative technologies, and an increasing number of devices and people will continue to push retail IT environments into uncharted territory. Cloud-enabled tools and processes designed to be granular and flexible provide retailers a practical way to overcome mounting complexity and reduce opportunities for attackers.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast-growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
