Retail Security in the Digital Age
One of the largest data breaches in retail history took place just five years ago. A group of cybercriminals forced their way into the private network of retail giant Target and started downloading the personal information of its customers.
Target originally admitted that approximately 40 million credit and debit card numbers were compromised, but later increased that to 70 million and then 110 million customer accounts, according to a CSO article.
Hacking through unsecured endpoints
Those numbers indicate this was a complex attack. The criminals were patient, waiting at each stage of the break-in to exploit the perfect weakness and gain access to the next part of the system. But it was the lack of proper endpoint security that made this cyberattack possible.
An endpoint is any piece of hardware that’s connected to your network, be it a desktop computer or a point-of-sale system. These connected devices can allow unauthorized access to vital data, such as customer credit card numbers, if they’re not properly secured.
An independent investigation of the Target breach concluded the attackers entered the system through an unsecured endpoint at the office of a third-party vendor. The attackers then used that vendor’s ability to access Target’s network to infiltrate the system and download valuable information.
Retail is ripe for cyberattacks
In the past, sophisticated cyberattacks were primarily directed at large financial institutions. But according to the 2017 Trustwave Global Security Report, cybercriminals have turned their attention to retailers.
The report reveals 22% of data breach incidents in 2016 involved the retail industry, making it the most targeted industry in the world. (The food and beverage industry was a close second at 20%.) So just because the Target breach took place in 2013 doesn’t mean retailers are secure today.
The retail landscape is changing
As consumers continue to prefer online shopping, brick-and-mortar stores are increasingly forced to rethink the traditional retail model in order to bring in traffic. Their solution? Implementing new technology to make the customer experience exciting and hassle-free.
For example, Amazon recently opened Amazon Go, a physical grocery store located near its Seattle headquarters. The brick-and-mortar store uses a vast network of newly designed sensors and cameras, along with customers’ own smartphones, to determine the exact product each customer takes off a shelf. Once the product has been identified, the technology adds it to a digital cart.
When the technology senses that a customer (and their smartphone) has left the store, it charges the customer’s Amazon account. There are no cashiers or self-checkout scanners — customers just walk in, pick up what they want and walk out. The result is a seamless user experience, with no wait times or hassle.
Amazon Go may transform the grocery store model, but here’s an important thing to consider: How is its vast network of devices secured? While consumers and retailers look to this new model as the future of retail, cybercriminals see endless opportunities for exploitation.
Security and mobility: A balancing act
Traditionally, retail security has begun and ended with Payment Card Industry Data Security Standard (PCI DSS) compliance. This checklist consists of requirements such as “protect stored cardholder data,” which offers no further direction on how or to what extent this data should be protected.
So how do you secure a retail environment that capitalizes on the Internet of Things without sacrificing mobility? As technology becomes more ingrained in the new store model, companies need a retail security solution that ties their many mobile devices into a central, secured network and allows IT personnel to detect and react to attacks in real time. Again, endpoint security is a must.
Products such as Symantec Endpoint Protection 14 (SEP 14) can help keep cyberattacks at bay by mapping and securing endpoints across your organization. This endpoint security solution leverages artificial intelligence to detect and analyze threats in real time within a single management platform, allowing personnel to quickly respond to attacks.
Plus, for retail clients, Symantec combines solutions and services for a truly unified approach, including data loss prevention, encryption on mobile endpoints and assessing process gaps.