To better protect POS systems and innovate to improve customer satisfaction and operational efficiency, retailers need to think differently about security.
Last year, retail data breaches were in the news like never before. While the actual number of data breaches was lower than the number experienced by government agencies and financial institutions, according to the 2015 Verizon Data Breach Investigations Report (VDBIR), they were more visible since they involved brands we all know so well. The breaches affected more than 100 million consumers who shop at these popular stores – and those are just the ones we know about in the U.S.
When retailers experience a high-profile breach, profits fall, customer dissatisfaction lingers, executives lose their jobs, and breach-related financial expenses soar. With large amounts of financial, personal, and even medical information on their networks, the retail industry will continue to be an attractive target to attackers for years to come. In fact, opportunities for attackers will likely increase as retailers, striving to remain competitive, jump on the latest trends, including:
Creating a hyper-relevant experience for consumers. This means enabling a shopper to accomplish what they want to do at that moment – be it maximizing loyalty points, getting through a checkout line quickly, or obtaining help from a store associate. To accomplish this level of real-time service, new Internet of Everything (IoE) technologies such as sensors, Wi-Fi, beacons, mobile devices, and RFID tags must become part of the IT infrastructure.
Adopting mobile Point of Sale (mPOS) systems. As legacy POS systems are refreshed, mPOS systems are being rapidly adopted. Using mobile devices for POS brings the checkout experience closer to the consumer, but these systems must be able to quickly access consumer data and provide an efficient, secure experience.
As retailers upgrade existing systems and adopt new IoE technologies, their success will inevitably depend not just on technology but on how they gain and maintain consumer trust. Security is now a top priority for consumers and retailers alike. The ability to protect payments as well as customer data could impact not only where people choose to shop but what information they are willing to share with retailers.
To enhance security you need to start by understanding how attackers work. While each retail breach is unique, there are common paths attackers take. A typical POS attack unfolds in the following manner:
1. Attackers first gain a foothold in a system. This may be by exploiting a vulnerability, spear-phishing a third-party vendor, or even through employee involvement.
2. Having gained access, attackers exploit vulnerabilities and weaknesses to gain full control over the system.
3. The attackers then survey the internal network to find ways to expand the breach and take further control, ultimately reaching the POS systems.
4. Attackers install malware on POS systems by exploiting vulnerabilities or by compromising system update functionality.
5. Once installed on the POS system, the malware collects financial and personal data.
6. Stolen data is transferred to a system with Internet access.
7. Stolen data is exfiltrated outside of the organization to the attacker.
As history has shown, there’s no such thing as 100 percent prevention. The fact is attackers make it their job to figure out how to evade current defenses and infiltrate the network. Retailers have few, if any, controls to detect, contain, and remediate once attackers are inside the network. Traditionally, retailers have focused on protecting in-store networks by securing the perimeter. But in-store networks and POS systems are now connecting to the Internet and third-party networks, spawning an increasing range of attack vectors. Most retailers lack adequate visibility and control across these extended networks to address attacks that are difficult to block initially or to subsequently detect and stop once on the network.
What’s needed is a threat-centric approach to security with protection along the full attack continuum – before, during, and after an attack.
Before an attack there’s more you can do besides applying prevention-based controls. You need total visibility into your environment including new mPOS systems; network segmentation to prevent the spread of malware; strategies to ensure patches are being applied and systems are up to date; and an incident response plan.
During an attack you need the ability to continuously detect and block malware that has already penetrated the network as well as contextual awareness – aggregating and correlating data from across your environment to look for indicators of compromise and other behaviors that happen over time and may point to a threat.
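One way to express the correlation described above, applied to steps 6 and 7 of the attack sequence, as detection logic over network flow records. This is an added example, not from the original article; the flow record layout, addresses, POS subnet, allowed destination, and thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, bytes_sent)
FLOWS = [
    (1000, "10.20.1.11", "10.20.0.5", 1_200),      # POS -> payment switch (expected)
    (1060, "10.20.1.11", "10.30.4.7", 48_000),     # POS -> back-office host (unexpected)
    (1120, "10.20.1.12", "10.30.4.7", 51_000),     # second POS -> same host
    (1500, "10.30.4.7", "203.0.113.50", 95_000),   # that host -> Internet
    (1600, "10.30.9.9", "198.51.100.8", 400_000),  # unrelated outbound traffic
    (9000, "10.20.1.13", "10.30.4.8", 30_000),     # staging only, nothing leaves
]

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
POS_NET = ipaddress.ip_network("10.20.1.0/24")     # assumed POS segment
ALLOWED_POS_DSTS = {"10.20.0.5"}                   # assumed payment switch
WINDOW = 3600      # seconds allowed between staging and outbound transfer
MIN_BYTES = 10_000 # ignore small internal transfers from POS hosts


def find_staged_exfil(flows):
    """Flag internal hosts that receive bulk data from POS terminals
    and then send data to an external address within WINDOW seconds."""
    staged = defaultdict(list)  # staging host -> [(timestamp, pos_src)]
    alerts = []
    for ts, src, dst, nbytes in sorted(flows):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (s in POS_NET and d in INTERNAL_NET
                and dst not in ALLOWED_POS_DSTS and nbytes >= MIN_BYTES):
            # Step 6 pattern: POS data moved to another internal system.
            staged[dst].append((ts, src))
        elif d not in INTERNAL_NET and src in staged:
            # Step 7 pattern: the same system now talks to the Internet.
            recent = [e for e in staged[src] if 0 <= ts - e[0] <= WINDOW]
            if recent:
                alerts.append({
                    "staging_host": src,
                    "external_dst": dst,
                    "pos_sources": sorted({e[1] for e in recent}),
                    "bytes_out": nbytes,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_staged_exfil(FLOWS):
        print(alert)
```

Neither flow is conclusive on its own; the alert comes from correlating the two over time, which is why the unrelated outbound transfer and the staging-only host are not flagged.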
After an attack you need to be able to marginalize the impact of that attack. That’s where retrospective security comes in, to quickly identify the point of entry, determine the scope, contain the threat, eliminate the risk of re-infection, and remediate.
With a threat-centric approach to security you’ll be able to innovate with confidence, delivering the high level of service consumers expect and doing so securely.