Retail data breaches have historically occurred during the holiday season. The high volume of transactions and management’s focus on sales and inventory distract attention from a potential retail vulnerability, exposing opportunities for cybercriminals to infiltrate point-of-sale (POS) systems and online transaction streams.
Although the majority of holiday shopping occurs during the weekend between Black Friday and Cyber Monday, it often takes companies months or longer to realize they’ve been breached. It’s possible that this year’s thieves have already loaded their attack tools on retailers’ systems and will trigger them to launch when it’s most advantageous for them — and least convenient for the retailer.
Retail CISOs need to take a deep dive into their systems and unearth any possible openings that may exist before the rush begins. Here are five actions that CISOs need to undertake immediately to get ahead of breaches during peak traffic periods.
Update Your POS Systems
Every retailer uses some kind of POS system to make sales and collect payments, and all of these systems can be vulnerable to malware. While it may be impossible to protect against every new variant, POS software vendors generally understand the issues and periodically provide patches to close security gaps in their software. It’s up to the retailer to install these updates across all their stores and take advantage of the protections their vendors provide.
Retail CISOs should also ensure that all antivirus systems across the network are updated. If a POS system runs on a device with a standard operating system (OS), such as Microsoft Windows, MacOS, iOS or Android, install all OS patches and update the antivirus systems that protect them.
Lock Down Encryption for User Data
After so many data breaches resulting in stolen user credentials, it seems obvious that sensitive user information, including passwords and credit card data, would be encrypted to the highest level possible. However, data thefts continue to prove that important data is inadequately protected.
Encrypting password stores is inadequate because once the file containing the passwords has been unencrypted, all its contents are exposed and easily usable. CISOs need to go beyond the basics and use a specialized protection scheme designed specifically to secure passwords, such as SHA-2.
Secure the Network
If your POS systems are on the same network as your management controls and enterprise resource planning (ERP) systems, a breach of one can allow access to the others. Segment your network and ensure you have firewalls or proxies in place. Deploy both intrusion prevention systems and intrusion detection systems that provide alerts when malicious activity is detected.
Provide Real-Time Alerts for Indicators of Compromise (IoC)
CISOs can monitor the myriad IoCs generated and tracked across the globe, but only a relatively few are pertinent to their specific environment. IoC volume is a significant data issue that needs to be addressed by intelligent systems that can filter out irrelevant information and evaluate the remainder against the context of the environment.
Real-time alerts based on relevant IoCs can notify security staff to threats that are either imminent or in progress so action can be taken. At the same time, threat analysis needs to be transparent to the ongoing commerce, especially during peak traffic periods.
Staff education can make a difference in reducing the success and severity of cyberattacks. Coordinate ongoing employee education to raise awareness on how to help prevent intruders from accessing company systems. Train them to use the devices on which POS systems operate only for their intended purpose and not for accessing other applications or the internet. Alert them to practices that thieves posing as customers might attempt, such as using skimmers, USB sticks or other devices they might attach to systems. Put safeguards in place for technicians working on the systems so they are always supervised and properly vetted before they are granted access to equipment.
This holiday season is sure to bring a new crop of cyber intrusions. Take precautions now to make certain your POS systems won’t be compromised.
Freelance Writer and Former CIO
Scott Koegler practiced IT as a CIO for 15 years. He also has more than 20 years experience as a technology journalist covering topics ranging from software ...