With mere days until Hanukkah and less than a month before Christmas, retail organizations are starting to see a spike in online and in-store purchases. This is the “most wonderful time of the year” for retail because it means ending the year with a big boost in sales. However, this is also a time when malicious actors are interested in breaking into your network to steal the vast amount of customer data you’ve collected, or siphon the credit card information as it passes through your point-of-sale (POS) gateway. A new study from ACI Worldwide shows a projected fourteen percent increase in fraud attempts during the 2018 peak holiday season, and overall volumes of purchases are expected to rise 18 percent. With that in mind, what can you do to protect your retail business from malicious actors?


What do I need to protect?

The first step to protecting your network is to understand what actually needs protecting. For retail, there are a variety of devices that you likely have deployed across your organization that connect to the network, but that you don’t actively think about. Some of these items may include IoT devices like IP cameras used for in-store security, or asset protection devices like smoke, fire, and water detectors that are connected to the network to provide real-time alerting to problems in remote warehouses. I recently wrote an article on reducing the IoT threat surface, if you’d like more information on protecting these devices specifically. For this article, we are looking more broadly than just IoT. There are also the top-of-mind connected devices, like POS machines. Each of these devices is a portal for malicious actors to enter through, and each needs to be secured.

How do I protect these devices?

Of course, you may be wondering, “how can I possibly verify that what I have on the network is secure?” Well, given the nature of these devices, security breaches are inevitable. As I mentioned, they are portals—necessary ones to be sure—for malicious actors to use to gain a foothold on the network. And because you have a large number of devices, at some point malicious actors will certainly get in. Just this week, Dunkin’ (formerly Dunkin’ Donuts) reported a cybersecurity incident connected with their DD Perks accounts. So let us not fool ourselves into thinking we are 100% secure; even large enterprises like Dunkin’ can be compromised.

With that in mind, it is important to be able to verify that the devices you have connected to the network are only communicating with other devices on that network that are appropriate for their application. As I’ve said in other articles, “it doesn’t make sense for IP cameras to be communicating with the servers where financial documents are stored.”

Network traffic analytics

The best method to verify that network devices are only communicating with appropriate devices, and that you don’t have malicious actors using your smoke detectors to gain access to your POS gateway, is to use network traffic analytics. I’ll let my colleague’s article, “Network Analytics: What It Is, How It’s Used, and Who Benefits the Most,” speak to what network analytics is in detail, but “network analytics is the practice of using different types of network data to identify trends and patterns.” This is precisely what you need to be able to verify network communications and catch malicious activity before it has a chance to wreak havoc across your network.
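The check described in the two sections above (each device talks only to the peers appropriate for its application), sketched as an added example that is not from the original article and is not how Scrutinizer works. The subnets, role names, ports, and flow records are constructed assumptions, and each flow is assumed to be an initiator-to-responder record.

```python
import ipaddress

# Constructed role-to-subnet map; assumes devices are addressed by role.
ROLE_SUBNETS = {
    "ip_camera":      ipaddress.ip_network("10.10.1.0/24"),
    "sensor":         ipaddress.ip_network("10.10.2.0/24"),  # smoke/fire/water
    "pos_terminal":   ipaddress.ip_network("10.20.1.0/24"),
    "pos_gateway":    ipaddress.ip_network("10.20.2.0/28"),
    "video_recorder": ipaddress.ip_network("10.30.1.0/28"),
    "alert_server":   ipaddress.ip_network("10.30.2.0/28"),
    "finance_server": ipaddress.ip_network("10.40.1.0/28"),
}

# Allowed conversations: (source role, destination role) -> permitted dst ports.
ALLOWED = {
    ("ip_camera", "video_recorder"): {554},   # RTSP video to the recorder
    ("sensor", "alert_server"): {8883},       # MQTT over TLS
    ("pos_terminal", "pos_gateway"): {443},
}

def role_of(ip):
    """Map an IP address to a device role; anything unmapped is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for role, net in ROLE_SUBNETS.items():
        if addr in net:
            return role
    return "unknown"

def find_violations(flows):
    """Return (src_role, dst_role, src, dst, dport) for flows off the allow list."""
    violations = []
    for src, dst, dport, _nbytes in flows:
        pair = (role_of(src), role_of(dst))
        # Default deny: a role pair with no entry permits no ports at all.
        if dport not in ALLOWED.get(pair, set()):
            violations.append((pair[0], pair[1], src, dst, dport))
    return violations

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.30.1.2", 554, 48_211_004),  # camera -> recorder
    ("10.20.1.7", "10.20.2.3", 443, 18_442),       # POS terminal -> gateway
    ("10.10.2.40", "10.30.2.5", 8883, 912),        # smoke detector -> alerting
    ("10.10.1.15", "10.40.1.4", 445, 7_340_112),   # camera -> finance server
    ("10.10.2.40", "10.20.2.3", 443, 2_104),       # smoke detector -> POS gateway
    ("10.20.1.7", "203.0.113.50", 443, 96_330),    # POS terminal -> unknown host
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("policy violation:", v)
```

Because the policy is default deny, a new device type or an unmapped address shows up as a violation until someone decides what it is allowed to talk to.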

As I said earlier, breaches are inevitable, but that doesn’t mean you have to live with the catastrophic consequences of a breach. By leveraging network traffic analytics from a platform like Scrutinizer, you can find malicious communications and protect your retail business from threats before they can completely take over.


Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.
