Network Security Q&A: Tips to Thwart Cyberattacks and Data Breaches

With the holiday season well underway, many retailers are scrambling to shore up their networks and protect against cyberattackers and the kind of high-profile data breaches suffered by Target and Home Depot. Tim Gallagher, head of the security analytics team (SAT) at Nuspire Networks, a managed network security service provider, discusses key tips to consider when thinking about retail store network security.

Q. How often do hackers gain access to retail computer networks by entering through in-store access points?
A. According to the 2013 Cost of Data Breach Study from the Ponemon Institute, 69 percent of cyberattacks target retailers. Additionally, every day a retail network has over 110 failed attempts to log in to the retail network, and each retailer may receive about 153 viruses and 84 malicious spam emails daily. With these vulnerabilities, in-store access points such as ethernet ports and USB drives on POS systems are just additional easy ways hackers can gain access to a network. Many of these access points can be better protected and hidden from hackers, making it more challenging for them to penetrate a store's system.

Q. What happens when data is stolen from a single location?
A. A network can be accessed from any store location or franchise that has a server on-site. Once a hacker finds a vulnerable access point into that server, they can easily gain connected access to the entire corporation's network and infrastructure. This gives the criminal access to critical customer and internal data.

Improving physical network control by taking measures such as securing network jacks and wireless access points through penetration testing is critical to spot vulnerabilities and prevent an attack. The network gateways at a retail branch will be scanned, tested and probed for openings seven or more times every day. Using the same techniques a hacker may use (port scanning, automated credential guessing, etc.) can help ensure that the retail enterprise finds the vulnerability before a hacker does.

Q. What are the security vulnerabilities found within physical store locations?
A. Each retail store has a number of individual network computing devices and in-store access points that cybercriminals can easily exploit.  These can be in seemingly harmless places like wall outlets and USB ports. USB ports found on cashier and backroom computers, and even customer photo printing kiosks, can be compromised by USB sticks that are reprogrammed to spoof the systems. Once the USB stick is online, the malicious code installed on the system can take control of a computer, exfiltrate data or spy on the user.

Another way hackers can get into a retailer's network is through ethernet ports that can be found in multiple areas throughout a store. Cybercriminals can plug hidden hardware devices into these ports that give them direct, remote access to the network.

"Wardriving" is another tactic cybercriminals can use to access a store's network. This method consists of driving by a physical store location and using a laptop, tablet or smartphone to detect and gain remote wireless access to a retailer's network. Once cybercriminals have detected a strong wireless signal, they will continue to use that signal to find a good way into the company's network.

POS and payment systems are some of the most obvious vulnerable points of access, but what is a lesser known POS weakness is the checkout scanner. Cybercriminals can gain access to a retailer's network by scanning their own malicious code onto a POS computer. Once the code has been scanned, they can capture payment information from credit and debit cards in near real-time.

Computer technicians or local internet providers can also pose a threat to a retailer's cyber security. Hackers know there are too many employees coming into and out of a retail location for everyone to know which technicians have legitimately been scheduled to conduct repairs. A cybercrook may come to a store location dressed as a technician to gain access to the backroom server. Once inside, they have free rein over the company's network. Even if the physical server room is secure, cybercriminals can still gain access remotely if there is inefficient network security monitoring in place.

Q. Must a hacker have access to a POS system in order to get ahold of customer credit card data?
A. Aside from ATM skimmers, the most common source of card-present fraud is through retail payment machines that have been compromised by malicious software. This malicious software can originate from a variety of sources outside of the POS, such as other systems connected to the network, rogue wireless networks, or media plugged into the store's hardware.  With today's technology, sensitive customer data that is captured by POS systems can be stored in a number of locations in the network, and malicious code can find and take it. 

Q. How can retailers reinforce security on their POS systems?
A. To help ensure the security of their POS systems, retailers need to utilize an approach focused on two critical components: people and technology. Retailers need to make their employees aware of the physical security risks that exist within their work environment. Employees need to be actively engaged with the security practices of the organization.  Most often the employees are also shoppers at their stores, so it is their personal data at each location they need to protect as well. They also need to educate employees about security scams that involve POS systems and look for signs of foul play.

From a technology standpoint, retailers should look for a comprehensive IT solution that provides advanced data collection, monitoring, reporting, auditing and correlation across the most popular firewall, router, server and application systems. This type of technology will give retailers a clearer line of sight into their security environment and risk landscape. Beyond the system itself, retailers should also look for a security partner that can provide 24/7 monitoring by a group of professionals. Managed security services providers (MSSPs) deliver on this concept of 24/7 monitoring, 365 days a year and can help retailers stop security issues before they compromise critical company data.

Federal and industry regulations mandate that retailers actively monitor the security posture of their retail networks.  Retailers need to not only rely on software, but also security experts to investigate suspicious activity.

Q. What is the benefit to having managed security in addition to being compliant with PCI data security standards?
A. It's important to know your data. To know how it flows in and out of your organization, where it is being stored, who has access to it, the sensitivity of the information, and so on. For retailers, monitoring is a requirement of PCI policy and compliance.  Part of the monitoring policy requires that retailers implement a process to identify threats and vulnerabilities through risk assessment, which involves reviews, updates and action plans. Because retailers need to be in compliance with these standards, monitoring threats should be on a 24/7 basis, which is hard to achieve with only a small IT staff.

Real-time human monitoring is the best way for companies to keep sensitive customer data secure. Bringing on a team of security management experts is one of the most effective and thorough ways to achieve this kind of monitoring.

Q. Who can I talk to about physical and network security?
A. A growing number of retailers, big and small, with diverse geographical locations, are trusting security professionals, known as MSSPs, over trying DIY security methods or installing their own security software. Many MSSPs utilize SIEM (security information and event management) solutions, which are tools that can combine and sort network data from security devices in real-time.

Security alerts from these tools are investigated and mitigated by trained network security analysts. An MSSP can also explain to a retailer how the security of their systems is set up and provide better understanding of how it can better be configured.
