Retailers under attack: Security lessons for all SMBs

Retailers have been among the hardest-hit data breach victims in recent years, despite the effort they put into complying with the Payment Card Industry Data Security Standard (PCI DSS) and other measures for protecting electronic transactions.

The largest of these breaches was Target's, in which 40 million payment card numbers and the personal information of a further 70 million people were stolen. It was followed by Home Depot, which lost 56 million card numbers and 53 million email addresses to cybercriminals. High-profile cases in the US also included retailers such as Walmart, CVS and Costco.

In the few months after it was breached, Target spent US$61 million on customer response measures. Still, the company's reputation took a beating, with its profit for the holiday quarter plunging 46% from that of the previous year. Meanwhile, retailers like Staples offered free credit monitoring, identity-theft insurance and a free credit report to payment-card customers who might be at risk.

But those measures failed to dispel lingering concerns about the unknown extent of a breach and the chance of malware still lurking on the network. At both Home Depot and Target, investigators traced the intrusion to network credentials stolen from a supplier, a finding that shook consumers' confidence in retailers' ability to keep data safe: a third party with legitimate access had become the attacker's way in.

Clearly, retailers have to protect their entire supply chain network, not just their own perimeter, and they have to salvage their reputation and regain lost consumer confidence. In Singapore, the country's Personal Data Protection Commission recently fined four organizations and warned seven others, including the retailers Challenger Technologies and Metro, for not exercising due care or implementing adequate security measures to protect consumers' personal data.

Multi-vector attack on expanded surface

As retailers engage with consumers, partners and suppliers via multiple online channels and electronic payment systems, each new channel opens another entry route for attackers.

The Dell Security Annual Threat Report 2016 highlighted the variety of malware distribution and infection routes. The threat vectors ranged from email spam to wearable cameras, electric cars and Internet of Things devices. Malware has also been aimed at specific targets, such as Black Friday shoppers or groups who speak a certain language. Additionally, retailers have to grapple with threats that exploit weaknesses in Near Field Communication (NFC) to compromise mobile apps and point-of-sale (POS) terminals.

The high-profile data breaches that distressed retailers offer useful lessons for all small and medium businesses (SMBs). For a start, all employees across the entire supply chain must be trained in security awareness. Retailers and SMBs need a holistic approach to cyber defense that integrates security tools with POS systems and back-office systems; detects anomalies and intrusions arriving from multiple attack vectors; and extends beyond a single layer of defense.

How to repel multi-vector attacks

In response to this multi-vector threat landscape, Dell analyzed the data it had gathered over years of defending its customers. From this vantage point, Dell developed a blueprint for multi-layer defense and built it into its SonicWALL next-generation firewalls.

The blueprint recommends:

  • Zone-based security in stores – Administrators separate and protect network resources by grouping similar interfaces into zones, applying the same policies to each zone, and adding only the exceptions that are needed. For example, customer-facing machines, inventory servers and back-office data warehouses can be placed in separate zones, with traffic between zones denied unless a rule allows it. Hence, a POS terminal can reach the payment processor and nothing else.
  • Adaptive security policy – Many administrators manually vet each intrusion prevention signature update and apply only the most critical ones to limit performance overhead. This time-consuming process delays protection against emerging network threats. Dell's blueprint lets the firewall automatically download updates, identify new signatures and apply them according to the organization's chosen high, medium or low protection level.
  • Unified, cross-threat intelligence – A cloud-based gateway anti-virus (GAV) service collects samples from spam and botnet feeds, phishing and content filtering submissions, honeypots and other sources, and analyzes them in the cloud. Signatures for identified threats are then distributed to next-generation firewalls (NGFWs) worldwide, shortening response time and moving the heavy analysis off the organization's own appliances.
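The zone model in the first bullet is easiest to understand as a rule table evaluated with first-match and default-deny semantics. The example below is added here to illustrate that model and is not SonicOS configuration or Dell code; the zone names, subnets, the payment processor address (a TEST-NET-3 address) and the service ports are all assumptions made up for the illustration. It shows why a POS register can reach the payment processor over HTTPS but not the data warehouse, why guest Wi-Fi cannot reach the registers at all, and how a narrow exception (a quarantined register) is expressed by ordering a deny rule ahead of the allow rules.

```python
"""Zone-based segmentation for a store network.

Added illustration, not SonicOS configuration. Every zone, subnet, host
and port here is an assumption made up for the example. Semantics follow
the usual firewall model: the first matching rule wins, and a flow that
matches no rule is dropped (default deny).
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional, Tuple

# Constructed store topology: one subnet per zone (assumed addresses).
ZONES = {
    "POS":        ip_network("10.10.1.0/24"),  # customer-facing registers
    "INVENTORY":  ip_network("10.10.2.0/24"),  # inventory servers
    "BACKOFFICE": ip_network("10.10.3.0/24"),  # data warehouse, finance
    "GUEST_WIFI": ip_network("10.10.9.0/24"),  # shoppers' devices
    "WAN":        ip_network("0.0.0.0/0"),     # everything else (fallback)
}

# Assumed payment processor endpoint (TEST-NET-3 documentation range).
PAYMENT_PROCESSOR = ip_network("203.0.113.10/32")


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    src_net: Optional[IPv4Network]   # None = any host in src zone
    dst_net: Optional[IPv4Network]   # None = any host in dst zone
    dst_port: Optional[int]          # None = any port
    action: str                      # "allow" or "deny"


# Rules are evaluated top to bottom; exceptions go first.
POLICY = [
    # Exception: register .77 is quarantined after an incident; it gets nothing.
    Rule("POS", "WAN", ip_network("10.10.1.77/32"), None, None, "deny"),
    Rule("POS", "INVENTORY", ip_network("10.10.1.77/32"), None, None, "deny"),
    # POS registers may talk to the payment processor over HTTPS only.
    Rule("POS", "WAN", None, PAYMENT_PROCESSOR, 443, "allow"),
    # POS may query inventory on one assumed service port.
    Rule("POS", "INVENTORY", None, None, 8443, "allow"),
    # Back office reaches inventory for reporting and browses the web.
    Rule("BACKOFFICE", "INVENTORY", None, None, 8443, "allow"),
    Rule("BACKOFFICE", "WAN", None, None, 443, "allow"),
    # Guest Wi-Fi goes to the internet and nowhere else.
    Rule("GUEST_WIFI", "WAN", None, None, None, "allow"),
]


def zone_of(addr: str) -> str:
    """Map an address to its zone; most specific subnet wins, WAN is the fallback."""
    ip = ip_address(addr)
    for name, net in sorted(ZONES.items(), key=lambda kv: -kv[1].prefixlen):
        if ip in net:
            return name
    raise ValueError(f"no zone for {addr}")


def evaluate(src: str, dst: str, dst_port: int) -> Tuple[str, Optional[Rule]]:
    """Return ("allow" | "deny", matching rule or None).

    Traffic inside one zone is not policed by this inter-zone table
    (assumption). Across zones, the first matching rule decides; with no
    match the zone boundary stays closed.
    """
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return "allow", None
    for rule in POLICY:
        if (rule.src_zone, rule.dst_zone) != (sz, dz):
            continue
        if rule.src_net is not None and ip_address(src) not in rule.src_net:
            continue
        if rule.dst_net is not None and ip_address(dst) not in rule.dst_net:
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action, rule
    return "deny", None


if __name__ == "__main__":
    flows = [
        ("10.10.1.5", "203.0.113.10", 443),   # POS -> payment processor
        ("10.10.1.5", "203.0.113.10", 80),    # POS -> processor, wrong port
        ("10.10.1.5", "198.51.100.7", 443),   # POS -> arbitrary internet host
        ("10.10.1.5", "10.10.3.20", 443),     # POS -> data warehouse
        ("10.10.9.30", "10.10.1.5", 8443),    # guest Wi-Fi -> register
        ("10.10.1.77", "203.0.113.10", 443),  # quarantined register
    ]
    for src, dst, port in flows:
        action, rule = evaluate(src, dst, port)
        print(f"{zone_of(src):>10} {src} -> {zone_of(dst):>10} {dst}:{port}  {action}")
```

Two design points are worth noting. The default-deny fallback at the end of `evaluate` is what makes the segmentation meaningful: a new server dropped into the back-office zone is unreachable from the registers until someone writes a rule for it. And because matching stops at the first hit, exceptions such as the quarantined register must sit above the general allow rules, exactly as the bullet's "add necessary exceptions" implies.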

Dell’s blueprint suggests technologies at several layers to identify and block multi-vector threats. They enable:

  • Low-latency, byte-by-byte inspection of the complete file, including attachments and compressed archives, regardless of port or protocol, rather than a look at only the first packets of a stream
  • Inspection of SSL/TLS-encrypted traffic regardless of the port being used (for example, HTTPS, which Google now uses for searches)
  • The ability to identify malicious code in new mutations of known malware
  • Email scanning, which checks the IP address reputation of senders and verifies message content, structure, links, images and attachments
  • Intrusion prevention with anti-evasion capabilities that first normalize data and decode obfuscated payloads, so that vulnerabilities in applications, clients and servers are not reached by disguised exploits
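The first of these layers is the one most often missed by a scanner that only examines the outer bytes of a download: a payload packed into a zip, or into a zip inside a zip, never matches a signature until something decompresses it. The example below is an added illustration, not Dell or SonicWALL code. It walks archives recursively, matches decompressed content against a signature list, and refuses archives that nest too deeply or expand too far, the classic decompression-bomb failure mode that an inspection engine has to handle. The signature list holds the EICAR test string, the harmless industry-standard anti-malware test pattern; the sample archive, its file names and the depth and size limits are constructed for the example.

```python
"""Inspecting compressed archives before they reach a host.

Added illustration, not Dell/SonicWALL code. The archive contents, file
names and the nesting/size limits are assumptions made up for the example.
"""
import io
import zipfile
from typing import List, Tuple

# EICAR anti-malware test file (harmless by design). Built from two halves
# so that this source file does not itself contain the contiguous pattern.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
SIGNATURES = {"EICAR-Test-File": EICAR}

MAX_DEPTH = 4                      # nested archive levels we will open (assumed)
MAX_EXPANDED = 10 * 1024 * 1024    # decompressed bytes per member (assumed)

Finding = Tuple[str, str]          # (path inside the stream, verdict)


def is_zip(data: bytes) -> bool:
    return zipfile.is_zipfile(io.BytesIO(data))


def naive_scan(data: bytes) -> List[Finding]:
    """What a scanner that never decompresses would report."""
    return [("<stream>", f"signature:{name}")
            for name, pattern in SIGNATURES.items() if pattern in data]


def scan_bytes(data: bytes, name: str = "<stream>", depth: int = 0,
               max_expanded: int = MAX_EXPANDED) -> List[Finding]:
    """Recursively inspect a stream and every archive member inside it.

    Findings are signature hits and policy blocks. A block is also a
    finding: an archive we refuse to open is treated as hostile rather
    than waved through.
    """
    findings: List[Finding] = []
    for sig_name, pattern in SIGNATURES.items():
        if pattern in data:
            findings.append((name, f"signature:{sig_name}"))
    if not is_zip(data):
        return findings
    if depth >= MAX_DEPTH:
        findings.append((name, "blocked:nesting-depth"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            # Read one byte past the cap instead of trusting the header's
            # declared size: a bomb can lie about how large it inflates.
            with zf.open(info) as fh:
                member = fh.read(max_expanded + 1)
            if len(member) > max_expanded:
                findings.append((path, "blocked:expanded-size"))
                continue
            findings.extend(scan_bytes(member, path, depth + 1, max_expanded))
    return findings


def verdict(data: bytes) -> str:
    """Gateway decision for a whole stream: any finding blocks it."""
    return "block" if scan_bytes(data) else "allow"


def nest(payload: bytes, levels: int, name: str = "layer") -> bytes:
    """Wrap payload in `levels` zip files, innermost member named layer0."""
    data = payload
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
            z.writestr(f"{name}{i}", data)
        data = buf.getvalue()
    return data


def build_sample() -> bytes:
    """Constructed input: an archive with a clean invoice and a nested
    update.zip that carries the test pattern as update.exe."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("update.exe", EICAR)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("invoice.txt", b"Order 12345 shipped. Thank you.")
        z.writestr("update.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print("outer-bytes-only scan:", naive_scan(sample))
    print("full inspection:      ", scan_bytes(sample))
    print("six levels deep:      ", scan_bytes(nest(EICAR, 6)))
    print("2000 zero bytes, cap 1000:",
          scan_bytes(nest(b"\x00" * 2000, 1), max_expanded=1000))
```

Running it shows the point of the bullet: the outer-bytes scan reports nothing because Deflate has transformed the pattern, while the recursive inspection flags `<stream>/update.zip/update.exe`. The two limits are not decoration. Without a depth cap a few kilobytes of nested zips keeps the engine busy indefinitely, and without reading past the size cap the engine trusts a header that an attacker wrote.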

Scalable, consolidated security

Dell's multi-layer blueprint essentially helps retailers and SMBs slow an attack's progress enough to identify it, then stop it before it does damage. It also simplifies network management, bundling technologies such as 802.11ac wireless with enterprise-grade security in one managed platform.

For distributed enterprises and small and medium businesses, this is delivered by the Dell SonicWALL TZ Series firewalls, which, when linked with Dell X-Series switches, can extend the number of secured ports. The Dell SonicWALL Global Management System (GMS) provides unified, scalable, consolidated administration of TZ Series firewalls together with the smart-managed X-Series 1GbE and 10GbE switches, Dell SonicPoint wireless access points and Dell SonicWALL WAN Acceleration (WXA) devices, all from a single console. TZ firewalls running the SonicOS firmware can securely manage roughly 100 additional ports when combined with X-Series switches.

This is a QuestexAsia feature commissioned by Dell Security.