When you think of the latest in technology, Amazon, eBay, Facebook, LinkedIn, and others usually spring to mind. While these internet giants are well known for their advanced technical infrastructure, the same is not true of most of the retail space. With this in mind, security professionals need to focus their time and attention on securing retailers' infrastructure and applications, so that those retailers can protect, and even grow, their profitable sales and their bottom line.
At the SAP Security Forum in June, Josh Hunter, senior director of product marketing at cybersecurity firm Proofpoint, shed some light on the challenges of addressing advanced persistent threats in the retail sector.
In this episode of the Security Executives Forum (SEF), Hunter discussed how enterprise retailers have a greater potential for revenue leakage due to poor security hygiene, how to find and remedy that leakage, and how to recover the lost revenue.
How can the retail industry address security challenges such as the rise in sophisticated attacks, social engineering, and malware?
The key to building this type of security is developing and maintaining a dedicated security operations center. The retailer will have an admin for this dedicated group that will run the cyber hygiene function. By working with their database and their backend, the APT team can look for signs that something might be going wrong.
APT typically looks for the most basic of signs that something is wrong:
Are we seeing some type of unusual activity? If something is happening, it will often create a replication of itself; this is essentially a denial-of-service attack that is appearing in multiple places.

Is this possibly somebody trying to access that database? If they try to log in with the old password they have and get blocked, they will try the password for the new system, or they will try different passwords. If they are blocked trying to log in and then try to log in to the web app version of the retailer, it's very likely they will get blocked. The theory is, they will not be able to get access because they are trying to access the retailer's web app version of the database. If they try to make an order, they will get blocked, or if they try to make a payment, they will get blocked. If they go on and try different systems and try to abuse the retailer's database, they will get blocked. Then they will move up and try to break into the main system, but they will get blocked on the way. So they will keep getting blocked.

They'll keep trying different systems, trying different passwords, etc. In the meantime, they are sending continuous commands to the servers, and it's obvious to the network admins that something is wrong.
So the idea of security is comprised of four components -- people, processes,
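The pattern Hunter describes above, one source being blocked on the database, then the web app, then orders and payments, is something a SOC can detect mechanically rather than by waiting for an admin to notice. The following is an added example, not code from the original interview or from Proofpoint: it correlates failed logins by source address across several systems inside a sliding time window and raises an alert when one source is blocked on several distinct systems (or simply too many times). The log format, system names, addresses and thresholds are all constructed for the example; a real deployment would feed it from the SIEM's normalized authentication events and tune the thresholds to the retailer's traffic.

```python
"""Flag sources that keep getting blocked across multiple retail systems.

Constructed log format (one event per line, all values invented):
    <ISO-8601 timestamp> <system> <FAIL|OK> user=<account> src=<ip>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one probing source that fails on four systems,
# one probing source that fails on three systems and then succeeds,
# and two benign sources with isolated failures.
SAMPLE_LOG = """\
2024-05-01T10:00:01 db-admin  FAIL user=svc_report src=203.0.113.7
2024-05-01T10:00:09 db-admin  FAIL user=svc_report src=203.0.113.7
2024-05-01T10:00:40 webapp    FAIL user=svc_report src=203.0.113.7
2024-05-01T10:01:02 orders    FAIL user=svc_report src=203.0.113.7
2024-05-01T10:01:30 payments  FAIL user=svc_report src=203.0.113.7
2024-05-01T10:02:15 webapp    FAIL user=jdoe src=203.0.113.7
2024-05-01T10:03:00 db-admin  FAIL user=svc_report src=203.0.113.7
2024-05-01T10:00:05 webapp    FAIL user=alice src=198.51.100.20
2024-05-01T10:00:50 webapp    OK   user=alice src=198.51.100.20
2024-05-01T10:05:00 db-admin  FAIL user=svc_report src=203.0.113.50
2024-05-01T10:05:20 webapp    FAIL user=svc_report src=203.0.113.50
2024-05-01T10:05:45 orders    FAIL user=svc_report src=203.0.113.50
2024-05-01T10:06:10 webapp    OK   user=svc_report src=203.0.113.50
2024-05-01T11:30:00 orders    FAIL user=bob src=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")


def parse_events(text):
    """Parse the constructed log format into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than crashing the detector
        ts, system, result, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "system": system,
                       "ok": result == "OK", "user": user, "src": src})
    return sorted(events, key=lambda e: e["ts"])


def find_cross_system_probing(events, window=timedelta(minutes=10),
                              min_systems=3, min_failures=5):
    """Return {src: alert} for sources blocked on >= min_systems distinct systems,
    or >= min_failures times, within any sliding window of the given length.

    Severity is raised to 'high' when the same source later logs in successfully:
    the attacker stopped getting blocked, which is the case the SOC must act on first.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        start = 0
        for end in range(len(fails)):
            # advance the window start so fails[start:end+1] spans at most `window`
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            win = fails[start:end + 1]
            systems = {e["system"] for e in win}
            if len(systems) < min_systems and len(win) < min_failures:
                continue
            later_ok = any(e["ok"] and e["ts"] >= win[0]["ts"] for e in evs)
            alert = {"failures": len(win),
                     "systems": sorted(systems),
                     "users": sorted({e["user"] for e in win}),
                     "severity": "high" if later_ok else "medium",
                     "first": win[0]["ts"].isoformat(),
                     "last": win[-1]["ts"].isoformat()}
            # keep the widest qualifying window seen for this source
            if src not in alerts or alert["failures"] > alerts[src]["failures"]:
                alerts[src] = alert
    return alerts


if __name__ == "__main__":
    for src, alert in find_cross_system_probing(parse_events(SAMPLE_LOG)).items():
        print(src, alert)
```

The benign sources never trip the rule: one failure followed by a success, or a single failure on one system, is ordinary user behaviour. The distinct-system count is the signal that separates the probing Hunter describes from a user who mistypes a password several times on the same app, and the "high" severity on 203.0.113.50 is the case where blocking finally stopped working and someone got in.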