The weeks leading up to Christmas are the busiest for the retail industry all year, which makes this a really opportune time for cybercriminals to break in and steal credit card and other personal data from all those online and in-store shoppers. Recently we surveyed a bunch of IT professionals at UK retailers and found that many of them are concerned they won’t be prepared for attacks against them. Well, we’ve got some simple security advice that retail businesses of any size and anywhere in the world can follow to keep this season a merry one. Here are the top 6 retail threats, and what to do about them.
1. Targeted attacks: The cybercriminals need to break into your network to steal all the valuable customer data you’re storing. A common way in is to aim some credible emails at a specific area of the organization. This might be invoices or undelivered courier items for office management.
Action: Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types. In addition, train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behavior to IT.
2. Legitimate looking sites rigged with exploit kits: Exploit kits work out in real time how to “crack” a PC. These automated kits find a weakness – an unpatched vulnerability in something like your browser or media player – and infect your computer with drive-by downloads.
Action: Most exploit kits see success due to exploits in software for which a patch is already available and just has not been deployed. Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. And install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
3. Access all areas: Once they’re on the inside, the crooks want to move around your network so they can capture more than just one hapless user’s passwords and confidential files. They want access to your back-end databases, your point-of-sale (PoS) network, your testing network (which may have temporary copies of live programs and data that isn’t as secure as it should be, or have deliberately unpatched servers for troubleshooting), and more.
Action: Consider segregating your networks with next-gen firewalls that treat your internal departments as potentially hostile to each other, rather than having one big “inside” fenced off from the even bigger “outside.” And put in place a device control strategy to identify and control the use of removable storage devices – not only does this prevent bad stuff getting in with data loss prevention (DLP), but it can also help stop personally identifiable information (PII) and intellectual property (IP) data from going out. Finally, implement full-disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.
4. Remote access: You may want or need to allow remote access, maybe even for a third party, for example the vendor of your PoS system. Many breaches happen due to slovenly password practices by outside vendors. You can just ask Target!
Action: Consider implementing your own remote access service using a virtual private network (VPN) and requiring everyone to use two-factor authentication. Do a review of your purchase requirements and vendors with your procurement team if you have a more sizeable infrastructure.
5. Automated malware: If the crooks get in and leave behind malware to automate their dirty work, that malware is often programmed to keep “calling home” to one or more command-and-control servers to fetch further instructions and to exfiltrate (sneak out) what it has found since last time.
Action: Consider web filtering and a next-gen firewall with command-and-control traffic detection. This isn’t as good as blocking the malware before it runs, but it can neutralize (and will draw attention to) malware that would otherwise make off with your crown jewels. Numerous breaches this year would have been detected and thwarted far sooner with this in place.
6. Unnecessary software: Crooks love servers that have more applications and add-on software than needed because it gives them more tricks to try when they are attempting to break in using command injections (getting the server to run the wrong command). Servers don’t usually need Microsoft Office, for example, so why have it at all?
Action: Use Application Control to keep track of, and restrict, unnecessary software that reduces security without adding any needed benefit. Periodic reviews of builds and expected configuration will also help drift or organic changes leaving you open at some point in the future.
How Sophos UTM can protect your retail business
Sophos UTM (Unified Threat Management) provides the ultimate protection against web, email and network attacks. Spec it as an all-in-one or a bespoke, layered solution with our modular security subscriptions.
Deployment is easy – as a single physical or virtual appliance, or even through the cloud. Reporting is built-in, and you can manage everything through one, intuitive console.
And Sophos UTM gives you lightning-fast performance that beats the competition in independent tests.
Read the original article, here.