The Retail Sector is a key target for cyber attacks.
This is because retail organisations process massive amounts of financial data every day, often from multiple stores across the UK. As a result, there are hundreds of potential access points for an attacker.
It is likely that at any given moment every major retailer is under attack, and even if 99 percent of these attacks are deflected, the threat is real and continuous.
To help combat this threat, this month we have compiled a number of key resources and services of specific interest to the retail sector.
As always, if you’d like more information on any of the topics covered, please email: [email protected]
Deloitte – Cyber risk in retail
Protecting the retail business to secure tomorrow’s growth
Despite widespread attention to payment card industry (PCI) compliance, cyber criminals have clearly taken retailers by surprise.
Regardless of whether an organisation has been breached, there is an almost universal perception that such an event may be imminent, that companies are ill prepared, and that the problem needs to be addressed thoroughly.
This has led to a decisive shift among retail organisations. There is a growing recognition that cybersecurity has an impact on a larger universe of business risk, and “security” programs are no longer the sole purview of IT departments. Ownership for a more comprehensive approach to security has moved to business leaders themselves.
This research report summarises four key themes:
1. Compliance does not always equal risk management
2. Breach response readiness is top of mind as companies scramble to shore up detection
3. External intelligence sharing will play a crucial role in the war against cyber threats
4. Cyber risk is a business issue
The report also outlines actions that retail organisations can take near term to mitigate cybersecurity risk, and concludes with a set of issues that call for future research, dialogue, and collaboration:
* Cyber risk management is more than keeping hackers at bay
* Talent crisis will continue making it harder for retailers to address cyber threats
* A move towards cohesive payment security strategy
* ‘Data science’ movement within retail to transform how retailers detect infiltrations and threatening activity
* Improved collaboration and information sharing
* Adoption of emerging standards and better overall program governance practices
* Cyber aware workforce and customer
Email [email protected] to request your copy of the Report >>
The Essential Security Checklist for Enterprise Endpoint Backup
How to make sure your endpoint backup solution is enterprise-grade secure.
IT administrators, in all organisations, face considerable challenges protecting and securing corporate data for today’s mobile workforce, with users accessing and creating data from a wide variety of locations and networks.
Find out how to protect your company’s critical information against breach and leakage by choosing an endpoint backup solution that features enterprise-grade security with the strongest encryption, access control, cloud and private cloud security features, and data loss prevention capabilities.
Learn about critical security features that enable you to:
* Protect data on devices from breach and leaks
* Make sure only the right people have access to the right data
* Ensure organisational compliance
Read the white paper to make sure you’re checking all the boxes when it comes to security of your organisation’s endpoint backup solution.
Email [email protected] to request your copy of the whitepaper >>
Infosec Cloud offers a comprehensive portfolio of security solutions and services to help retail organisations protect against cyber attacks. Contact [email protected] infosec-cloud.com or call 01256 379970 for more information.
Scam Alert: Deceptive Amazon Account Threat
As Amazon is the world’s largest retailer, it’s surprising that there aren’t more of these scams, but this one sticks out as particularly deceptive. The emails claim to be from Amazon’s customer service, and falsely state that a small number of accounts were breached last month.
The hackers use a clever social engineering trick which requires the victims to complete a “verification process”, or else their account will be restricted. But when the user clicks the link to verify their account, they are redirected to a site that mimics Amazon, where they need to log in and provide personal information, payment card details and security details. The attack was traced back to Chinese cyber criminals.
We recommend you send the following to your employees, friends and family:
“Cyber criminals are attacking Amazon users with a phishing campaign that falsely claims a small number of accounts have been hacked. The email starts with an “Important Notice” and you are required to “verify” your Amazon account, by providing payment card information and security details. The email is a scam to try to trick you into revealing your credit card information and more. If you see an email like this that has not been caught by any spam filter, delete it.”
Infosec Cloud provides a certified Security Awareness Testing & Training program to help organisations build their ‘human firewall’. Click here to read about the service >>
Find out how tokenless two-factor authentication is helping retail organisations with PCI compliance.
Case Study: John Lewis
The John Lewis Partnership is currently in the process of rolling out SecurAccess to 15,000 employees: “SecurAccess has been really well received within the organisation, it has been working effectively and we have had no problems with the roll out.”
Case Study: Pizza Hut
“We looked at a number of alternative systems, including plastic tokens which generate a random password and cards which do a similar thing, but mobile phones came out on top. Everyone has one with them anyway, and so a system where passcodes were sent via SMS was the cheapest and most efficient way of complying with PCI DSS.”
Top 5 Requirements for Guest Wi-Fi
Today, free Wi-Fi is ubiquitous in highly trafficked retail areas.
However, in addition to ensuring a high level of security and enforcing acceptable use policies, organisations need to optimise network performance and collect data that can be used to improve customer service and increase marketing opportunities, without the burden of maintaining logs on non-essential traffic.
For example, the widely used “captive portal” or guest login page could require users to register with their name, email and other demographic information that businesses can leverage for future communication. Any company planning to deploy a guest Wi-Fi solution, or improve an existing solution with enhanced security and performance, should first consider these top five requirements:
* Separate guest and internal networks
* Enforce appropriate use
* Protect against malware
* Enhance the mobile experience for customers and employees
* Achieve total network visibility that supports business analytics
Organisations have a wide range of choices for deploying or expanding their guest Wi-Fi offering. Use this checklist to assess and prioritise the requirements in order to choose the best solution.