Retail

On average, a retailer faces at least eight to ten cyber-attacks per year. Point of Sale (POS) systems, deployed in huge numbers at different locations, are a main attraction for malware attacks and can be hacked either remotely or directly in a store.

Retailers around the world have faced some of the most prominent data breaches, putting their brand reputation and customer trust at serious risk. The damage caused by these data breaches can be widespread, greatly impacting a retailer’s business, its partners, and most importantly, its customers.

Retailers operating in a specific city, in a region or globally face three specific challenges that result in cybersecurity threats:

  • POS systems, which they rely upon to do their day-to-day business
  • Their computer systems, like any other industry
  • Retail employees running the store who are not trained in cybersecurity

Malware attacks on POS systems, whether executed remotely or in person, are a big win for cyber attackers who are out to steal credit card data.

Third-party transactions are also among the major challenges faced by retailers, depending upon their size and mode of operations. It’s often easier to target the smaller businesses that retailers do business with and to use their network access to break into the retailers’ networks. This happens when cyber assessments or Third-Party Risk Management (TPRM) are not carried out for the various components of an already huge supply chain.

CyberGen complements retail industry expertise with cybersecurity best practices developed for various customers in other industries such as financial services, manufacturing and construction, technology and healthcare. CyberGen’s cybersecurity consultants have helped secure various customers in different industries as they modernized their IT landscape and progressed securely toward complete digitalization.

Retailers must also adhere to strict compliance requirements such as the Payment Card Industry Data Security Standard (PCI DSS) and, in some cases, HIPAA as well.

MAJOR CHALLENGES FOR RETAILERS WORKING WITH POINT OF SALE (POS) SYSTEMS

POS DATA STORED ON UNSEGMENTED NETWORK

If your network components are not segmented and you are using your corporate network to communicate with POS data environments and devices, you're putting your business at serious risk. In this case, if hackers gain access to your network, they also gain access to all your POS data, and vice versa. It’s imperative to segment both your POS environment and your corporate IT environment. Segmenting your network according to business priority helps contain risk.
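
One way to check the segmentation described above is to audit firewall rules for any permitted flow between the corporate and POS segments. This is an added example, not CyberGen's code; the subnets, the rule format and the function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption): one corporate and one POS segment.
CORPORATE = [ipaddress.ip_network("10.10.0.0/16")]
POS = [ipaddress.ip_network("10.50.0.0/24")]

# Constructed rules in a simplified, vendor-neutral form.
RULES = [
    {"id": 1, "action": "allow", "src": "10.50.0.0/24", "dst": "203.0.113.10/32", "port": 443},
    {"id": 2, "action": "allow", "src": "10.10.0.0/16", "dst": "10.50.0.0/24", "port": 3389},
    {"id": 3, "action": "allow", "src": "0.0.0.0/0", "dst": "10.50.0.20/32", "port": 22},
    {"id": 4, "action": "deny", "src": "10.10.0.0/16", "dst": "10.50.0.0/24", "port": "any"},
    {"id": 5, "action": "allow", "src": "10.50.0.0/24", "dst": "10.10.5.0/24", "port": 445},
]


def _touches(cidr, segments):
    """True if the rule's CIDR overlaps any network in the segment list."""
    net = ipaddress.ip_network(cidr)
    return any(net.overlaps(seg) for seg in segments)


def find_segmentation_violations(rules, corporate=CORPORATE, pos=POS):
    """Return (rule id, direction, port) for allow rules crossing the boundary.

    Rule ordering (first match wins) is not modelled: every allow rule that
    could pass corporate<->POS traffic is reported for manual review.
    """
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        corp_to_pos = _touches(rule["src"], corporate) and _touches(rule["dst"], pos)
        pos_to_corp = _touches(rule["src"], pos) and _touches(rule["dst"], corporate)
        if corp_to_pos or pos_to_corp:
            direction = "corporate->POS" if corp_to_pos else "POS->corporate"
            findings.append((rule["id"], direction, rule["port"]))
    return findings


if __name__ == "__main__":
    for finding in find_segmentation_violations(RULES):
        print("review rule %s: %s on port %s" % finding)
```

Rule 3 is flagged because an "any source" rule includes the corporate range, which is the kind of implicit path a manual review tends to miss.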

SOFTWARE AND SYSTEM VULNERABILITIES

To manage geographically spread resources, increase convenience and reduce cost, utilities are relying upon remotely accessible equipment and mobile devices. The shift to a smart grid will mean that utilities will add thousands of devices to their operations, including new sensors, controllers, relays, meters, etc. However, vulnerabilities stemming from insecure access or connection to critical systems via remote tools and devices are the greatest precursor to cyber incidents.

USAGE OF DEFAULT PASSWORDS

Retailers, big or small, who depend upon POS for their day-to-day business transactions face problems with the management of POS devices. To make POS devices easier to manage, businesses are often seen still using default or easy passwords. It's incredibly important that you change the password once a new POS device is connected to your software. It’s a known practice among hackers to pull lists of default passwords from the respective manufacturers’ manuals and track them back to your devices.

LACK OF P2PE (POINT-TO-POINT ENCRYPTION)

Credit card numbers processed via a POS system are not encrypted in the POS system itself and can still be found in plain text within the RAM of the POS system. This old technique is known as RAM scraping and is still used by hackers to get hold of credit card data from a POS device’s memory before it gets encrypted on your network. It is important to make sure that your POS systems are communicating only with authorized devices.

PHISHING EMAIL ATTACKS

Phishing emails with embedded links, if clicked, give hackers access to your employee's computer. Once the hackers have gained access to the machine, they can navigate throughout the network and to your data centers to gain access to any data. Even if your POS data is on a separate network, you're still not in a good situation, as hackers can remotely access a POS device that's connected to the compromised computer.

Digitalization powered by convenience is altering the way payments are made today. The retail industry is shifting from traditional magnetic stripe technology to payment innovations that include EMV, Near-Field Communication (NFC), mobile and now cryptocurrency wallets. However, cyber criminals are also using the same technologies to launch increasingly damaging attacks! Talk to a CyberGen expert to get your digital landscape and its respective risks evaluated.


WHAT SHOULD RETAILERS DO?

An effective cybersecurity program necessitates a top-down approach. Cybersecurity organizations in the retail industry must align themselves to take proactive steps to ensure that executive leadership understands the importance of security and the respective risks to the organization.

  • Establish Cybersecurity Governance
  • Invest in Training your Employees and Contractors
  • Counterbalance Third Party Risk by establishing full-fledged Third-Party Risk Management Framework (TPRM)
  • Establish Robust Threat and Vulnerability Management Program
  • Partner with Cybersecurity Experts for Managed Security Services

KEY CYBER SECURITY SOLUTIONS AND STRATEGIES FOR RETAILERS

Embrace Cybersecurity from Top-Down

Senior executives of an Energy and Utility company must be able to accurately measure and see the levels of cyber risk that their company, its critical infrastructure and its operations are exposed to. Develop cybersecurity metrics and KPIs for your executives; this will help your company’s management to actively support the cybersecurity program and its investments. Without top management understanding and support, any cybersecurity program is destined for ineffectiveness, budget overrun and/or complete failure.

Counterbalance Third Party Risk

Digitalization, IIoT and other cloud-leveraged technologies now permit unified collaboration with third parties but introduce a greater risk, as your previously standalone processes are now exposed to the internet. Retail companies must initiate appropriate levels of cybersecurity controls within the utility landscape by implementing comprehensive Third-Party Risk Management (TPRM) programs that include standardized cybersecurity requirements for all collaborators and third parties in the supply chain.

Partner with Cybersecurity Experts

A retailer's landscape can be spread over geographies, and so can its network. Securing all entry and exit points can be a challenging task. Unavailability of cybersecurity resources is a problem even for retailers that are PCI compliant. By partnering with a Managed Security Services provider, retailers can achieve 24/7 monitoring and response from experienced teams. A Managed Security Services provider can help mitigate the business, financial and reputational risk from a data breach with a cost-effective model.

Regular Cyber Audits and Assessments

Nowadays, hackers and cyber adversaries are more advanced and persistent in their efforts. Most retail enterprises are still fixated on implementing basic security measures such as firewalls, IDS/IPS, and AV for endpoints on corporate networks. Reducing the risk and damage from future cyber-attacks requires a fundamental change in the way retailers address cyber security. Retailers must consider endpoint protection to prevent incursion through POS terminals, and encrypting data while it resides on a portable device or POS system.

Invest in Security Awareness & Training

The workforce of any industry is an easy target for cyber-attackers. The workforce in the retail industry is generally not aware of or trained on the latest cybersecurity issues. Phishing emails are estimated to be used in the majority of cyber attacks to obtain credentials and let attackers into networks. Regularly educate your employees about current and emerging cyber threats and develop a culture of cybersecurity regarding suspicious emails and attachments, BYOD (Bring Your Own Device) best practices and general awareness of potential hacker activities employees may encounter at home or at work.

In addition to the above, it is recommended to have a Data Loss Prevention (DLP) solution to detect, monitor, protect and manage PII and CI wherever it is stored or processed, augmented by an encryption solution (MFA) to protect data on mobile endpoints, or to trigger Safe Harbor exemptions in cases of suspicious data movement. CyberGen experts will help you cover the whole nine yards of cyber security in the retail landscape.


Talk To An Expert

CyberGen can help protect your digital retail landscape and solve complex cybersecurity problems so that you can focus on your customer needs and simplifying their shopping experience.


CyberGen Consulting Services for Various Industry Sectors and Technologies

Guard against and respond to cyber threats that your enterprise and its systems face. CyberGen will help you identify and/or mitigate intrusions faster and with less interruption.

Digital Identity Services

Immersed in invention, innovation and working with cutting-edge technology, the technology sector attracts business and state adversaries.

IoT and Embedded Systems

Managed Security Services

HIPAA Compliance

PCI-DSS

Hire a Cyber Guardian

Mobile Application Security

Cybersecurity Metrics and KPI Developments
