Protecting the Omnichannel With Comprehensive Security Defenses

Transcription

1 Protecting the Omnichannel With Comprehensive Security Defenses

2 TABLE OF CONTENTS Is Your Omnichannel Environment Prepared for Today s Sophisticated Cyber Threats?...3 Level 3 Network-Based Security...5 Brick and Mortar Channel...6 ecommerce and Online Channels...9 Contact Center Channel...11

3 IS YOUR OMNICHANNEL PREPARED TO DEFEND TODAY S ATTACKS? Retailers should fear the hacker, not the auditor. While PCI DSS compliance is an important piece of the security checklist, it s not enough to protect retailers from sophisticated cyber attacks that fall outside of the cardholder data environment (CDE). A PCI compliance audit is a little like making sure a lock is on your front door but it doesn t guarantee that the lock stays in place. Not to mention, cyber criminals are constantly uncovering new entry points and vulnerabilities to invade your network outside of the PCI environment. With more sales traffic over more channels than ever before, hackers have more opportunities to launch advanced cyber attacks and infiltrate your retail networks. You need to be prepared. With the potential for significant business disruption and negative customer experience on the line, mitigating risk should be a top concern for the entire retail organization. Everyone across the brand from marketing to merchandising to sales should have a vested interest in building defenses that prevent damaging attacks. 97% of retail CIOs say security is their #1 concern. 1 1 National Retail Federation/Forrester Research Inc, Retail CIO Agenda 2015: Secure and Innovate, Feb PREVIOUS PAGE NEXT PAGE BACK TO TABLE OF CONTENTS 3

4 Why are retailers so vulnerable to cyber attacks? First, many retailers operate in siloed, legacy IT environments without a uniform security policy. This outdated IT infrastructure opens up risks and vulnerabilities for advanced cyber threats. Second, highly distributed and hybrid retail environments, combined with new endpoints like kiosks, BYOD, IoT, mpos and Wi-Fi provide an expanded attack surface for cyber criminals to exploit. To better protect your omnichannel retail environment, you need more than just a patchwork approach that introduces single points of vulnerability and failure. Retailers need to implement advanced detection of malicious activity in addition to preventative measures. With stronger security controls on systems outside of the cardholder data environment, you can move beyond PCI to create a more holistic security strategy. RETAIL IT SECURITY ENVIRONMENTS ARE EVOLVING AND SO ARE ATTACKER EXPLOITS While there is no silver bullet to stop cyber thieves, Level 3 can help deliver network-based adaptive security architectures to better defend against advanced threats. 16% of retailers believe they have implemented advanced perimeter protection. 2 2 Retail Info Systems News, Business-Driven Security, July BACK TO TABLE OF CONTENTS PREVIOUS PAGE NEXT PAGE

5 LEVEL 3 NETWORK-BASED SECURITY: To Stop Attackers, You First Have to See Them Coming Retailers need a foundation for their omnichannel environment that builds layers of security beyond PCI compliance. And to see attackers before they invade the network, it s critical to leverage actionable threat intelligence that tracks two-way communications to identify suspicious and malicious network activity. 197 days that s how long it takes for a retailer to detect an advanced exploit in their environment. 3 With more than 65,000 TCP ports in a firewall, hackers are constantly scanning your systems for open, internet-facing ports they can use to steal data. But outside hackers aren t your only concern. Temporary and contract employees can also bring infected devices into the network. Without the right tools, you may not recognize the exploit. How do you stay on top of it all? PCI Compliance Is Essential, but Alone It s Not Enough Since PCI compliance only requires an annual audit, retail security should consider focusing on what happens in between. Conducting regular vulnerability assessments and testing of the entire environment including endpoints, applications and the network is essential. Actionable threat intelligence also enables retailers to strengthen assessment priorities, resulting in better allocation of security resources and personnel. Level 3 SM Adaptive Threat Intelligence looks at IP addresses, analyzes for suspicious network communications and alerts you to policy violations and vulnerabilities. The solution requires neither hardware nor software and offers a 100% cloud-based approach to actionable threat intelligence for retailers. To help you stay ahead of rapidly evolving exploits, Level 3 SM Threat Research Labs proactively analyze the threat landscape through comprehensive attack visibility across our global backbone. We correlate information from proprietary and external sources to better protect your retail networks across the omnichannel. And if suspicious activity is detected, we provide 24/7 alerts so you can respond quickly. If the internet is the highway, some ISPs build the roads and on/off ramps, but they aren t accountable for what cars and trucks do on it. Level 3 takes more responsibility for who s driving recklessly on our highway and uses our network data to find bad guys even before they harm our network or customers. Dale Drew, CISO, Level 3 3 Ponemon Institute, Advanced Threats in Retail Companies: A Study of North America and EMEA, 2015 PREVIOUS PAGE NEXT PAGE BACK TO TABLE OF CONTENTS 5

6 BRICK AND MORTAR CHANNEL: Don t Let Cyber Threats Compromise Your Storefronts As technology accelerates the pace of change, retailers are bringing the best of online digital engagement directly into the store environment. However, bypassing security controls to implement the latest in-store technologies and SaaS applications opens the door to vulnerabilities and cyber attacks. Protecting the retail environment begins with securing the access methods to the internet from the physical store and implementing advanced malware detection capabilities. Retailers operating with outdated, patchwork security and on-premises hardware models may struggle to manage and secure critical endpoints and with brand reputation and profitability on the line, there s no room for security errors. Quickly implementing the latest in-store technologies and digital engagements at the expense of security is a strategy for failure. Chris Richter, SVP Global Security Services, Level 3 Today s cyber criminals are targeting more than just credit card data. They want financial records, employee information, healthcare records, PII anything they can sell or use to craft phishing and social engineering attacks aimed at your employees. Without a security governance framework, you won t have an organized and cost-effective way to defend against these exploits and zero-day attacks, and you may face a disastrous breach. 90% of transactions still take place in the physical store. 4 4 A.T. Kearney, Omnichannel Shopping Preferences Study, July 2014 PREVIOUS PAGE NEXT PAGE BACK TO TABLE OF CONTENTS 6

7 To secure your store access methods, retailers should consider extending the security perimeter from the LAN or premises to the network with cloud-based firewalls that offer significant benefits: Eliminate patchwork security architectures that create vulnerabilities and single points of failure Enable Network Service Provider (NSP) optimization to eliminate security software updates and patching requirements Implement next-generation security controls: sandboxing, data loss prevention and application control Reduce complexity and simplify the security infrastructure Streamline capex and opex without sacrificing performance through cloud-based security THE BRICK AND MORTAR SOLUTION: ADOPTING ADAPTIVE NETWORK SECURITY ARCHITECTURES 58% of retailers cite malware as the greatest security risk for Level 3 Adaptive Network Security is a high-performance, cloud-based firewall with next-generation security capabilities for brick and mortar as well as mobile-device-connected end users. It even helps prevent damaging attacks, like ransomware, from being executed on critical systems by detecting malware infections and phishing attacks. The Adaptive Network Security solution connects to regionally located cloud gateways and blocks packets that contain malware while also scanning traffic for packets with unusual traits. 5 Retail Info Systems News, Business-Driven Security, July BACK TO TABLE OF CONTENTS PREVIOUS PAGE NEXT PAGE

8 When suspicious activity is detected, Adaptive Network Security scans the packet against a constantly updated profile of malware characteristics. If the malware doesn t match known characteristics, the solution allows it to execute in an environment that mimics the intended target. If the packet is malicious, Level 3 updates the list of known bad actors (master profile registry), which is then globally updated throughout our network of security gateways so that everything landing on the bad actor list is blocked. Level 3 Adaptive Network Security can also help add a layer of protection for in-store Wi-Fi systems, which are vulnerable to attacks and infiltration. of retailers cite in-store Wi-Fi Beyond just following the PCI DSS for Wi-Fi, retailers must implement 42% technology as posing the greatest supplementary security measures to help protect both customers and security risk in employees using in-store Wi-Fi. By offering intrusion protection and detection, web content filtering and sandboxing, Adaptive Network Security enables retailers to do just that. Success Story: Level 3 Stops PoS Malware for Brick and Mortar Customers Point-of-sale (PoS) malware has proven to be a lucrative business across the globe, leaving breached retailers to fight a war of both reputation and liability. As PoS systems are targeted with greater frequency, malware developers are creating new strains at a breakneck pace. And with the slow rate at which U.S. merchants are transitioning to EMV chip and PIN technology, bad actors are only encouraged to more aggressively target retailers. The PoSeidon malware family, first discovered in early 2015, was created to scrape credit card data found on compromised Microsoft Windows PoS systems, install a key logger and transmit captured data to exfiltration servers. Shortly after media coverage expanded, Level 3 s Threat Research Labs began tracking network traffic for the IP addresses associated with the PoSeidon malware domains. DID YOU KNOW Level 3 monitors 1.7M infected machines daily, 1M+ malicious packets per day, 1000 Command and Control Servers per day. 7 6 Retail Info Systems News, Business-Driven Security, July As reflected by the Level 3 Threat Research Labs and Security Operations Center 8 Level 3 Communications Blog: Beyond Bandwidth, Swipe at Your Own Risk: What You Need to Know to Combat Point of Sale Malware PoSeidon, May 2015 By analyzing data, netflows and traffic behavior, Level 3 found previously unknown C2 servers and exfiltration servers that were part of the PoSeidon botnet. More importantly, Level 3 took actions on our network to immediately and proactively block these new malicious IP addresses and protect our retail customers, while notifying the industry to do the same based on our discoveries. Learn more about PoSeidon. 8 PREVIOUS PAGE NEXT PAGE BACK TO TABLE OF CONTENTS 8

9 ecommerce AND ONLINE CHANNELS: Stop Cyber Attacks and Keep Online Channels Up and Running From distributed denial-of-service (DDoS) attacks to malware, ransomware and data breaches, there are numerous attack vectors across the omnichannel that require advanced defenses. For most retailers, ecommerce has become the fastest growing sales channel and plays an important role in enhancing the customer experience and capturing valuable analytics. 44% of retailers experience over 50 cyber attacks each month. 9 Online channels are particularly vulnerable to DDoS cyber attacks, which attempt to block customers from accessing your web-facing assets. A successful attack can severely impact your bottom line while also damaging customer confidence in your brand. That s why many retailers are increasing DDoS defenses to help ensure application availability, website uptime and infrastructure accessibility to protect the network year-round. By leveraging a multi-layered security approach, retailers can take the necessary steps to escalate their network security and keep websites up and running. And with DDoS attacks growing in size, frequency and sophistication, it s critical to work with a provider that not only has the ingest capacity but can also provide a proactive security approach to defend against advanced network threats. This approach is critical, as many Layer 3 and Layer 4 volumetric attacks disguise Layer 7 attacks into the retail network to steal sensitive company and customer data. Level 3 can rapidly deploy a multi-layered, carrier-agnostic DDoS Mitigation service to help safeguard your infrastructure and web-facing assets, keeping them available 24/7. With 4.5TB of ingest capacity and nine global scrubbing centers, we mitigate more than 140 DDoS attacks per day for organizations around the globe. 9 Internet Retailer, E-commerce Sales Grow Six Times Faster for U.S. Top 500 Merchants than Total Retail Sales, April 13, 2015ics Report, 2015 PREVIOUS PAGE NEXT PAGE BACK TO TABLE OF CONTENTS 9

10 Leverage Threat Intelligence to Better Protect Your Websites For enhanced visibility into online threats, retailers should leverage threat intelligence to help detect malicious activity against their web-facing assets beyond traditional ecommerce security measures. Level 3 SM Adaptive Threat Intelligence proactively monitors traffic in near real-time for malicious activity between the retail website and known bad IP addresses on the internet. We will then alert you when suspicious activity is detected. For example, the alert may indicate that your website has been compromised (e.g., due to an unpatched vulnerability) and is communicating with a command and control infrastructure and its botnets. Adaptive Threat Intelligence can also alert retailers to early indicators that a known bad actor is scanning the website for vulnerabilities to exploit, so we can notify you before attackers compromise your online properties. 86% of websites contain at least one FACTOID: Botnets represented 83% serious vulnerability. 10 of all ecommerce fraud attacks in the U.S. in Success Story: Level 3 Prevents Global Retailer from Holiday DDoS Extortion Attack Cyber extortion where companies must pay a ransom or risk a crippling attack is on the rise for retailers. In this case study, an anonymous criminal source demanded an undisclosed amount of money from a global specialty retailer via the threat of an impending DDoS attack. If left unchecked, the threat had the potential to take the company offline, costing them substantial revenue loss during the busiest time of year. The retailer had to determine whether to rely on its own security defenses or pay the attackers. The choice was clear they called Level 3 to take control of the situation. Level 3 first initiated DDoS mitigation counter-measures to stop bad traffic from passing through the retailer s network without taking the company offline. Once the counter-measures were in place, the Level 3 SOC used its proprietary threat analytics tools to analyze the customer traffic flow data. Threat analytics tools allowed the Level 3 SOC to fine-tune counter measures by defining the attack type and isolating the source and destination of the attack. The SOC team then monitored the customer s network for 24 hours to make sure the attack was completely over. Once the attack subsided, the Security Solutions Architect team helped deploy a permanent DDoS mitigation solution to divert contaminated traffic to scrubbing centers for cleansing. By working with Level 3, the retailer was saved from devastating revenue and brand reputation loss during the critical holiday shopping season and had the defenses in place to combat advanced DDoS attacks in the future. Learn More 10 WhiteHat Security, 2015 Website Security Statistics Report, PYMNTS/Forter, Global Fraud Attack Index, Q BACK TO TABLE OF CONTENTS PREVIOUS PAGE NEXT PAGE

11 CONTACT CENTER CHANNEL: Protect Against Fraudulent Callers To increase customer loyalty and gain a competitive advantage, retailers strive to provide the best 45% growth in call center fraud from 2013 to possible customer experience. As a key touchpoint, contact centers are a personal way to resolve issues and increase sales, with retailers making investments in technology features that provide enhanced service and customer experience. But contact centers are also a doorway into fraudulent activity and social engineering aimed at stealing customer data especially during the holiday season and New Year. These activities can be costly for retailers, who are liable for both fraudulent chargebacks and the cost of the lost inventory. And since both criminals and friendly fraudsters take advantage of less personal encounters in the contact center, the risk of chargebacks is greater in a card-not-present (CNP) environment. Unfortunately, many retail organizations don t secure contact centers as well as online or brick and mortar channels. The October 2015 EMV liability shift has also contributed to increased contact center fraud. In the U.K., fraud for CNP transactions increased from 30 to 69 percent of total card fraud between 2004 and Today s attackers also use the contact center to gather and test acquired data before migrating to other channels using a credential they ve attained from a contact center agent via social engineering. After all, contact center agents can be especially susceptible to fraud attempts since they are focused on providing a positive customer experience and keeping callers happy. The solution for retailers is not only to provide better agent training, but also to invest in technologies that eliminate the human single point of failure. By implementing next-generation security defenses as part of their overall corporate security strategy, retail organizations can improve their ability to protect against attacks and contact center fraud throughout the year. Secure Contact Centers with Layers of Defense For the best defense, retailers are leveraging cloud-based contact center platforms that easily integrate advanced authentication and fraud detection/prevention technologies to provide real-time information and actionable insight. And with cloud-based Level 3 Contact Center Services, retailers can do just that seamlessly enabling customized business responses and advanced features to help reduce exposure in CNP channels. 13 Pindrop, 2016 Call Center Fraud Report, Financial Fraud Action UK, Fraud the Facts 2015, 2015 PREVIOUS PAGE NEXT PAGE BACK TO TABLE OF CONTENTS 11

12 A Powerful Combination for Retailers By implementing authentication as well as fraud detection/prevention technologies in the contact center, retailers can better prevent fraudulent chargebacks, reduce costs and streamline security strategies, while also securing customer data and maintaining brand trust. Authentication The authentication process determines if a caller s Automatic Number Identification (ANI) is spoofed. Authentication takes place during the ring cycle, so every customer s identity can be verified before their call is even answered. Any calls deemed suspicious can be immediately routed to forewarned staff for closer scrutiny. The solution proactively defends against attacks by examining the validity of the calling party number, determining if the ANI is spoofed and applying a risk score based on 30 call attributes. Fraud Detection and Prevention Detecting and preventing contact center fraud takes place after an agent answers the call or when the caller communicates with an interactive voice response (IVR) system. The solution analyzes the number, matches it against an extensive database of known ANI s from fraud gangs around the world, and returns a real-time fraud risk score for each call. If the number doesn t appear in fraud databases, the solution listens to the first seconds of a call for irregularities and returns a score that indicates the probability of fraud. How Level 3 Helps Reduce Contact Center Fraud: A Use Case Retailers with customer-facing contact center agents are under constant attack by fraudsters using the phone channel to conduct advanced social engineering and fraudulent transactions. Let s take a look at how a retail organization could leverage advanced fraud detection/prevention capabilities to help reduce annual exposure in the contact center: A best-in-class retailer needs help mitigating ongoing annual exposure of almost $15M in contact center fraud and decides to turn to Level 3 to help implement a cloud-based fraud detection solution that seamlessly integrates with their existing Level 3 Contact Center Services platform. To gain buy-in from the C-suite, Level 3 applies the advanced fraud detection technology to previously recorded calls and flags agent conversations that need to be investigated further by the retailer s internal security team. A blind test of Level 3 s solution on this previously collected call data accurately flags fraudulent calls consistent with known estimated losses and also alerts the retailer to previously unknown fraud attempts. Based on these results, the retailer then decides to activate the easy-to-implement fraud detection technology on Level 3 s cloud-based platform and applies the technology to live contact center calls that helps stop fraud in real-time. As a result, fraud in the contact center begins to decline by adding layers of advanced security defenses that allow the retailer to better detect and mitigate attacks. PREVIOUS PAGE NEXT PAGE BACK TO TABLE OF CONTENTS 12

13 INVEST IN NEXT-GEN DEFENSES TO BETTER PROTECT THE OMNICHANNEL Today s retail organizations are constantly under attack from sophisticated cyber criminals. As fraudsters find new methods to attack brick and mortar, ecommerce and contact center channels, you need comprehensive security that integrates across your retail network. And it s important to remember that PCI compliance doesn t equal comprehensive security. To stop threats and better safeguard your omnichannel environment, you need a holistic solution that couples global visibility with layers of advanced protection. When you team up with us, you re in good company. Level 3 helps secure your omnichannel retail operations with 98% of decision-makers recognize integrated platforms can deliver better security than point solutions. 14 network- and cloud-based security to combat today s evolving cyber threats. And we consistently meet the needs of top national and global retailers: 8 of the Top World s Most Valuable Brands 8 of the Top Top U.S. Retailers by Revenue 8 of the Top Fastest Growing U.S. Retailers 8 of the Top Most Popular Online Retailers For more information on how Level 3 can enable omnichannel retail, please visit our Retail Network Solutions page. Let Level 3 help you build layers of security across your omnichannel environment. 14 A commissioned study conducted by Forrester Consulting on behalf of Zscaler, March Forbes, World s Most Valuable Brands, May NRF, Top 100 Retailers 2016, June NRF, Hot 100 Retailers 2015, Aug NRF, The Favorite , Sept PREVIOUS PAGE BACK TO TABLE OF CONTENTS 13