For as much buzz as there is in recent times around the impending death of brick-and-mortar retail, the move to online shopping is not new. The first transactions occurred in the 1960s with IBM mainframe applications, which sped up processes such as airline ticket reservations and sales. However, these were custom applications. Online shopping as we know it today emerged much later with the development of the internet.
But even at its outset, many people thought online shopping would herald the end of in-store shopping – this was not the case. While there have been activity spikes, for many, the shopping experience is still something to enjoy actively in person. Studies show that for as much as we do buy online, we still like to peruse the local mall, too.
Prediction Becomes Reality
Recently, there has been a change. Today’s circumstances have forced retail stores to shutter their doors and forced shoppers to stay home. With no non-essential trips allowed, the high street and the mall have fallen silent. For many retailers, this silence means that their only way to continue trading is by moving their entire business online. For now, the concern first raised at the birth of online shopping has become a temporary reality.
Unfortunately, attackers have taken advantage of this business change, and retailers have had to adapt fast. Sometimes this means that plans for security must take a backseat to decisions to ‘keep the lights on.’ When security is considered, it is often only for the deployment of reactive security solutions that look at how to respond after an attack.
Retail’s Saving Grace?
Automation is a technology that can help retail to become proactive in spotting attacks before they gain a hold on services, data or applications. Automation technologies leverage data insights and machine learning (or artificial intelligence) to spot abnormal behavior and provide automated actions before an incident arises. For retail, automation is a powerful ally against cyberattacks.
• DDoS: Modern attacks are short and disruptive, lasting for seconds but regularly repeating until a site is taken offline. Automated DDoS solutions respond in real time, re-routing traffic so that business continues while the attack is mitigated.
• Ransomware: Often starts with an email. Targeted attacks may include direct voice communication to reinforce the urgency of any action. Getting ahead of an attack is vital. There will be behavioral patterns, including computers accessing local data at speed, network communication between computers as the malware attempts to spread, and more. Spotting these patterns early and quarantining infected devices, or segmenting the network, is critical to prevent spread.
• PCI DSS: Being able to track any unauthorized changes or modifications to card and payment data is essential for not only compliance, but to protect revenues. Automation can monitor for abnormal actions, which may indicate data has been changed, modified, deleted or restricted, and then perform actions to remediate the situation.
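The ransomware bullet above names two early behavioral signals, a host rewriting local files at speed and the same host fanning out to many peers, and two containment actions, quarantine and segmentation. The following example (added here; not code from the original article or any vendor product) applies simple sliding-window thresholds to constructed endpoint telemetry and maps each finding to the matching action. Event format, thresholds and host names are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample telemetry (not from any real environment). Each event is
# (timestamp_seconds, host, event_type, detail): "file_write" carries a path,
# "smb_connect" carries the peer host being contacted.
SAMPLE_EVENTS = (
    # pos-01: a clerk saving a few spreadsheets over a minute - normal.
    [(t * 12, "pos-01", "file_write", f"C:/Users/till/q{t}.xlsx") for t in range(5)]
    # back-01: 40 files rewritten in 8 seconds, then SMB to 6 peers - suspect.
    + [(100 + i * 0.2, "back-01", "file_write", f"D:/Shares/finance/inv{i}.pdf")
       for i in range(40)]
    + [(110 + i, "back-01", "smb_connect", f"pos-0{i + 1}") for i in range(6)]
)

def detect(events, window=10.0, write_threshold=20, fanout_threshold=5):
    """Return {host: set(findings)} for hosts whose activity inside any
    `window`-second span crosses the assumed thresholds."""
    findings = defaultdict(set)
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_host[ev[1]].append(ev)
    for host, evs in by_host.items():
        writes = deque()   # timestamps of recent file writes on this host
        peers = deque()    # (timestamp, peer) of recent outbound SMB connections
        for ts, _, kind, detail in evs:
            if kind == "file_write":
                writes.append(ts)
                while writes and ts - writes[0] > window:
                    writes.popleft()
                if len(writes) >= write_threshold:
                    findings[host].add("mass_file_modification")
            elif kind == "smb_connect":
                peers.append((ts, detail))
                while peers and ts - peers[0][0] > window:
                    peers.popleft()
                if len({p for _, p in peers}) >= fanout_threshold:
                    findings[host].add("lateral_smb_fanout")
    return dict(findings)

def recommended_actions(findings):
    """Map each finding to the containment step the article describes."""
    actions = {}
    for host, kinds in findings.items():
        steps = []
        if "mass_file_modification" in kinds:
            steps.append("quarantine_host")
        if "lateral_smb_fanout" in kinds:
            steps.append("segment_network")
        actions[host] = steps
    return actions
```

Thresholds this low will misfire on backup jobs and software deployments, so in practice they are tuned per host role and fed into the SIEM as one enriched alert rather than acted on blindly.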
In the above examples, the benefits of automation are clear. But how can a retail organization achieve this – especially when they are already working hard to keep everything moving in this new online-only shopping world?
Make More From the SIEM
Security information and event management (SIEM) is expensive to deploy and often ends up being treated as a ‘set and forget’ tool. It takes time and investment to set up and should improve over time, using contextual data to provide actionable insight. Unfortunately, what tends to happen is that new solutions are added but not fully integrated into the SIEM. This increases log volumes and false-positive rates. The good news is that this does not mean it is time to upgrade; a better investment would be to put some time and money into a SIEM review. It is surprising what minor changes can achieve: adapting new security feeds into existing processes gives more accurate, proactive security alerts that help keep ahead of attacks.
Even more importantly, modernizing the SIEM makes the life of an overworked security engineer that little bit easier, allowing them to focus more on improving security posture and less on managing security products.
Automate Tasks and Free Up Resources
Security automation is an area that sometimes makes engineers nervous. Is it taking their job away? Will it make mistakes? The answer to both questions is ‘no’.
Security automation uses a combination of data and machine learning to detect, investigate and remediate cyber threats with or without engineer intervention. The human element is not removed from the equation but made more efficient as technology can take over low-level events, such as spotting false positives and anomalies in network traffic. It is then the job of the security engineer to act on these discoveries. A few things to consider when looking at security automation include:
1. The business will have invested heavily in existing products. Consider solutions that do not demand a rip-and-replace, but instead leverage existing data to make decisions.
2. It is not just security devices that get hit by cyberattacks, nor are endpoints the only devices affected by malware. Automation tools need to have capabilities for managing and delivering automated policies to both traditional security and non-security devices, which may include routers, switches or access points.
3. Start by automating low-level tasks that reduce the overall workload of the security team. Running routines to reduce alerts will speed up the process of identifying threats, and automating password policies removes one of the biggest headaches of any analyst. These are great places to start.
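Point 3 above suggests starting with routines that reduce alerts. As an added example (not code from the original article or any SIEM vendor), the routine below takes a constructed alert feed, drops rule/source pairs that are known to be benign, and collapses repeats of the same rule, source and destination within a time window into one alert carrying a count. Alert fields, rule names, hosts and the window length are assumptions.

```python
# Constructed sample alert feed (not from any real SIEM):
# (timestamp_seconds, rule, source_host, destination_host).
SAMPLE_ALERTS = (
    [(t, "port_scan", "scanner-01", "10.0.0.5") for t in range(0, 300, 10)]  # authorised scanner
    + [(t, "failed_login", "pos-07", "dc-01") for t in range(0, 60, 2)]      # 30 alerts in a minute
    + [(500, "failed_login", "pos-07", "dc-01")]                             # one more, much later
    + [(42, "new_admin_user", "back-01", "dc-01")]                           # a single, real event
)

# Known benign (rule, source) pairs, e.g. the in-house vulnerability scanner.
SUPPRESS = {("port_scan", "scanner-01")}

def reduce_alerts(alerts, window=300.0, suppress=SUPPRESS):
    """Return a shorter alert list: suppressed pairs removed, and repeats of the
    same (rule, source, destination) within `window` seconds merged into one
    alert with first/last timestamps and a count."""
    merged = []        # consolidated alerts, in order of first occurrence
    open_groups = {}   # key -> index into merged for the group still open
    for ts, rule, src, dst in sorted(alerts):
        if (rule, src) in suppress:
            continue
        key = (rule, src, dst)
        idx = open_groups.get(key)
        if idx is not None and ts - merged[idx]["first"] <= window:
            merged[idx]["count"] += 1
            merged[idx]["last"] = ts
            continue
        open_groups[key] = len(merged)   # start a new group for this key
        merged.append({"rule": rule, "src": src, "dst": dst,
                       "first": ts, "last": ts, "count": 1})
    return merged
```

On the constructed feed this turns 62 raw alerts into three, and the count field on the merged failed_login alert is itself the signal an analyst would want to see first.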
What About the Smaller Businesses?
While the cost of implementing a SIEM or running security automation tools may be out of budget, there are still options and organizations that can help with this. For example, the Global Cyber Alliance offers a small-business cybersecurity toolkit to help with cyber protection and awareness. It contains a collection of useful documents and tools to help make a business secure.
The bottom line when considering security is to think not about whether to invest, but about when to. Every business is likely to be subject to cyberattacks at some point, and the choice is either to take on the cost of putting measures in place before it happens or to pay to clean up afterwards.