Retail Cyber Security Threats and Solutions

Verizon, in their report analysis on major Data Breach Investigations of 2016, summarized the menace of cyber threats as:

“No locale, no industry or organization is bulletproof when it comes to the compromise of data.”

This is no exaggeration, and the issue has become a crucial challenge for organizations across the globe. No matter the industry, or size of the enterprise, the figures have escalated to an alarmingly high pitch.

Consider the WannaCry ransomware attack and the recent Google phishing attack as cautionary tales. In the case of the Google phishing attack, messages were sent by an attacker using OAuth (Open Authorization) credentials attached to legitimate accounts, the messages appeared to be from friends or business associates including their photos. Checking the received headers and other technical steps used to verify the provenance of these messages, showed that they were legitimately sent through Gmail... because they were. When opened, the recipient gave the attacker permission to access everything – including the recipient's contacts that were used to send infected emails out to contacts who were now also subject to this phishing attack. In the wake of the industry’s giant leap to omni-channel platforms, cyber security and data protection have become a larger issue for the home furnishings retailers. The statistics gathered from recent reported cases point to a future dark trend in cyber crime.

In 2014 major retail data breaches involved incidents of breaking into leading retailers’ data mines, revealing the confidential information of over 495 million customers. Similarly, a total of 523 cyber assault incidents were reported in the retail industry in 2015, of which, 164 incidents caused huge data losses to targeted retail organizations.

Likewise, according to the BDO Retail Risk Factor Report published in 2016, cyber threats and data breaches were reported as one of the core challenges facing the industry. The report also said that the frequency of incidents has exponentially increased, with each retailer studied facing at least eight assaults per year, of varying types and intensities. 74% of those attacks were critical, causing sizable damage.

Several basic types of cyber threats cause considerable damage to furniture retailers every year. Some of the major types of data breaching attacks are described below:

Ransomware

Ransomware is a major threat to home furnishings retailers. A ransomware attack does not merely freeze systems; it holds them hostage, takes control of data and asks for a ransom. If a retailer refuses to pay, the assaulters may demolish systems or leak confidential data for global perusal.
What makes ransomware the biggest threat for retail businesses is that it can barely be detected before it spreads its evil. A ransomware attack may be disguised as an email embedded with an infectious link from an authentic source, such as was previously mentioned in our discussion of the Gmail phishing attack, or look like it was sent from a bank or business partner. Upon clicking the link, the attackers access the system and lock it until a price is paid.

Device Specific Malware

The circuitry of omni-channel retail includes multiple devices and endpoints. Attackers tend to target the intermediary device or the center terminal connected to multiple other devices. In most cases, they aim to target the Point of Sale terminal, since it is a major information handling spot, storing confidential information such as client contacts and bank account details.

Data Invasion

Omni-channel furniture retailing often provides cyber attackers with an expansive virtual landscape, featuring multiple terminals that make it easy to break into systems. A majority of these attacks are facilitated by a major weakness that catches the attention of attackers, allowing them to break into systems.

Data Backup Pitfalls

Data is the key component that drives retail business activity. Particularly, in the case of omni-channel retailing, data serves as the ultimate fuel accelerating innovations, regulating daily business activity, designing improvements, cutting costs and boosting sales.
Cyber criminals are aware of the significance of this data for retail business. Most cyber attacks are, therefore, aimed at breaking into data mines, to either manipulate a business or exploit data for their personal gains.

In order to minimize data loss in the case of a potential cyber attack, data backup is routine. Unfortunately, most retail backups are made on external storage devices or free cloud storage drives. Although these backups are regularly updated, external hard drives used for the purpose of data storage fail to retrieve 20% to 50% of lost data, in the case of a cyber attack. Moreover, they are also prone to physical damage and theft.

Similarly, online backup services are often accused of violating privacy. These cloud storage platforms are also prone to cyber threats. The process is slow and often terminates in the case of a network error. Therefore, online backups are not your best bet when it comes to data security.

A smarter approach to ensure an efficient data backup is to hire a professional data backup service designed with the security of retail operations in mind. Specialist data backup service providers create secure backups on off-site storage servers after scanning data for malicious threats. The backups are completely automated, programmed and circumscribe all aspects of regular retail operations.

The smart and automated maintenance of backups ensures that each bit of your Big Data is safely replicated and stored. This makes it convenient for you to steer a bad situation in your favor. In the case of a data breach, it will minimize damage to data mines and ensure smooth and uninterrupted retail operations.

In addition to making sure you have the right kinds of backups, you may want to employ additional countermeasures such as:

Secure Points of Exposure: Since omni-channel retailing features a host of programs and devices, all connected in a networked circuit, a single device prone to a cyber threat or malware attack may cause your systems to collapse. Therefore, it is essential to protect all devices with an up-to-date Anti-Virus & Anti-Malware program such as Trend Micro, Malwarebytes.

Add a Layer of Filters: Make it a point to enhance your system security by adding a layer of filters to major tasks as well as routine operations. Cyber threats mainly come creeping through the networks, so it is essential to add email and web filters to secure web browsing and email correspondence functions. There are other filters as well that can be used, but these are beyond the scope of this article to describe.

Control Accessibility: Cybercriminals tend to attack employee accounts with the highest level of access and control over systems so they can break into data mines. That's why it is important to limit system accessibility to the most trusted employees and incorporate two-step authentication to the account login process.

Furniture Retail Case Study

Here's a recent case study about an attack on a mid-sized Furniture retailer operating fifteen stores with a single distribution center. The head office and all of the stores were well connected with secure network connectivity in a spoke & wheel arrangement.

The trouble started when a store employee received an email with a pdf attachment. Within 10 minutes, the entire network, machines, files, servers, databases – everything was encrypted – CryptoLockered!!!

The perpetrators set the ransom at $28,000 to be paid in bitcoins. The retailer decided not to pay or negotiate with terrorists, and they really didn't need to, since secure backups were in place. 

After consulting with this client, the database, files and folders were restored from a backup. Systems were up and running in less than an hour. The data loss consisted of just one day's work.

The successful backup was the only thing that saved this retailer from losing all of its data. Some housekeeping items, like those suggested above, helped too.
Often, retailers don't install adequate levels of security until an attack like this occurs. In this case, the retailer installed a security network for the whole enterprise to prevent another such occurrence.

10 Steps You MUST Take TODAY

1. Implement web filtration so only known and approved websites are accessible.
2. Set up anti-virus and Anti-Malware programs on every machine in the network.
3. Set up separate wi-fi networks to give store guests, employees, HR and executives access to the internet with or without restrictions as appropriate.
4. Double up the efforts on backups with mirroring and running images every night.
5. Set up a duplicate server environment to cross check backups periodically.
6. Implement a Storage Area Network (SAN).
7. Wherever applicable, set up secure transport protocols.
8. Enhance spam filters to weed out junk effectively.
9. Train users to not open all email files they receive and how to identify phishing attacks.
10. For company-wide communications, set up communication portals via SharePoint so generic phishing is eliminated.