November 15, 2017 By Scott Koegler

Retail data breaches have historically occurred during the holiday season. The high volume of transactions and management’s focus on sales and inventory distract attention from a potential retail vulnerability, exposing opportunities for cybercriminals to infiltrate point-of-sale (POS) systems and online transaction streams.

Although the majority of holiday shopping occurs during the weekend between Black Friday and Cyber Monday, it often takes companies months or longer to realize they’ve been breached. It’s possible that this year’s thieves have already loaded their attack tools on retailers’ systems and will trigger them to launch when it’s most advantageous for them — and least convenient for the retailer.

Retail CISOs need to take a deep dive into their systems and unearth any possible openings that may exist before the rush begins. Here are five actions that CISOs need to undertake immediately to get ahead of breaches during peak traffic periods.

Update Your POS Systems

Every retailer uses some kind of POS system to make sales and collect payments, and all of these systems can be vulnerable to malware. While it may be impossible to protect against every new variant, POS software vendors generally understand the issues and periodically provide patches to close security gaps in their software. It’s up to the retailer to install these updates across all their stores and take advantage of the protections their vendors provide.

Retail CISOs should also ensure that all antivirus systems across the network are updated. If a POS system runs on a device with a standard operating system (OS), such as Microsoft Windows, macOS, iOS or Android, install all OS patches and update the antivirus systems that protect them.

Lock Down Encryption for User Data

After so many data breaches resulting in stolen user credentials, it seems obvious that sensitive user information, including passwords and credit card data, would be encrypted to the highest level possible. However, data thefts continue to prove that important data is inadequately protected.

Encrypting password stores is inadequate because once the file containing the passwords has been decrypted, all its contents are exposed and easily usable. CISOs need to go beyond the basics and use a protection scheme designed specifically to secure passwords, such as SHA-2.

Secure the Network

If your POS systems are on the same network as your management controls and enterprise resource planning (ERP) systems, a breach of one can allow access to the others. Segment your network and ensure you have firewalls or proxies in place. Deploy both intrusion prevention systems and intrusion detection systems that provide alerts when malicious activity is detected.

Provide Real-Time Alerts for Indicators of Compromise (IoC)

CISOs can monitor the myriad IoCs generated and tracked across the globe, but only relatively few are pertinent to their specific environment. IoC volume is a significant data issue that needs to be addressed by intelligent systems that can filter out irrelevant information and evaluate the remainder against the context of the environment.

Real-time alerts based on relevant IoCs can alert security staff to threats that are either imminent or in progress so action can be taken. At the same time, threat analysis needs to be transparent to the ongoing commerce, especially during peak traffic periods.
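An added example, not from the original article, of the filtering described above: a feed is reduced to the indicators that fit the environment's platform and sector, and only those are matched against connection logs. The feed entries, tag scheme, log format and host names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Indicator:
    value: str            # IP address or domain to watch for
    platforms: frozenset  # operating systems it applies to (empty = any)
    sectors: frozenset    # industries it targets (empty = any)

# Constructed environment context: a Windows-based POS estate in retail.
ENVIRONMENT = {"platforms": {"windows"}, "sectors": {"retail"}}

# Constructed feed, using documentation-only addresses and domains.
FEED = [
    Indicator("203.0.113.45", frozenset({"windows"}), frozenset({"retail"})),
    Indicator("updates.example.net", frozenset({"linux"}), frozenset({"energy"})),
    Indicator("198.51.100.7", frozenset({"windows", "linux"}), frozenset()),
]

# Constructed outbound-connection log lines in key=value form.
LOG_LINES = [
    "2017-11-24T09:15:02Z host=pos-017 dst=203.0.113.45 port=443",
    "2017-11-24T09:15:09Z host=pos-017 dst=192.0.2.10 port=443",
    "2017-11-24T09:16:41Z host=erp-01 dst=updates.example.net port=80",
    "2017-11-24T09:17:30Z host=pos-022 dst=198.51.100.7 port=8080",
]

def relevant_indicators(feed, environment):
    """Drop indicators whose platform or sector tags exclude this environment."""
    kept = []
    for ioc in feed:
        platform_ok = not ioc.platforms or bool(ioc.platforms & environment["platforms"])
        sector_ok = not ioc.sectors or bool(ioc.sectors & environment["sectors"])
        if platform_ok and sector_ok:
            kept.append(ioc)
    return kept

def match_logs(log_lines, indicators):
    """Return (host, destination) for each log line that hits a watched value."""
    watched = {ioc.value for ioc in indicators}
    hits = []
    for line in log_lines:
        fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
        if fields.get("dst") in watched:
            hits.append((fields.get("host"), fields["dst"]))
    return hits

if __name__ == "__main__":
    for host, dst in match_logs(LOG_LINES, relevant_indicators(FEED, ENVIRONMENT)):
        print(f"ALERT host={host} contacted watched destination {dst}")
```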

Educate Employees

Staff education can make a difference in reducing the success and severity of cyberattacks. Coordinate ongoing employee education to raise awareness on how to help prevent intruders from accessing company systems. Train them to use the devices on which POS systems operate only for their intended purpose and not for accessing other applications or the internet. Alert them to practices that thieves posing as customers might attempt, such as using skimmers, USB sticks or other devices they might attach to systems. Put safeguards in place for technicians working on the systems so they are always supervised and properly vetted before they are granted access to equipment.

This holiday season is sure to bring a new crop of cyber intrusions. Take precautions now to make certain your POS systems won’t be compromised.
