Retail Security in a World of Digital Touchpoint Complexity

Similar documents
THALES DATA THREAT REPORT

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Verizon Software Defined Perimeter (SDP).

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

Securing Digital Transformation

Teradata and Protegrity High-Value Protection for High-Value Data

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

The Windstream Enterprise Advantage for Banking

AT&T Endpoint Security

6 Vulnerabilities of the Retail Payment Ecosystem

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

2017 THALES DATA THREAT REPORT

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion

Securing Your Most Sensitive Data

The State of Cybersecurity and Digital Trust 2016

From Russia With Love

SECURING DEVICES IN THE INTERNET OF THINGS

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Express Monitoring 2019

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

THALES DATA THREAT REPORT

Security by Default: Enabling Transformation Through Cyber Resilience

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

A Guide to Closing All Potential VDI Security Gaps

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

PCI Compliance Updates

Angela McKay Director, Government Security Policy and Strategy Microsoft

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Office 365 Buyers Guide: Best Practices for Securing Office 365

SECURITY PRACTICES OVERVIEW

Keys to a more secure data environment

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

locuz.com SOC Services

Simplify PCI Compliance

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Emerging Technologies The risks they pose to your organisations

Internet of Things Toolkit for Small and Medium Businesses

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Converged Cloud and Digital Transformation: A Strategy for Business Success

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

University of Sunderland Business Assurance PCI Security Policy

DIGITAL TRUST Making digital work by making digital secure

Panda Security 2010 Page 1

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Go mobile. Stay in control.

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

The Honest Advantage

HEALTH CARE AND CYBER SECURITY:

Cybersecurity Session IIA Conference 2018

Cisco Start. IT solutions designed to propel your business

Personal Cybersecurity

Cyber Risks in the Boardroom Conference

Securing Today s Mobile Workforce

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Cyber Security Technologies

Data Management and Security in the GDPR Era

Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline

Designated Cyber Security Protection Solution for Medical Devices

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

DDoS MITIGATION BEST PRACTICES

The Top 6 WAF Essentials to Achieve Application Security Efficacy

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Service Provider View of Cyber Security. July 2017

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Sage Data Security Services Directory

Spotlight Report. Information Security. Presented by. Group Partner

CyberArk Privileged Threat Analytics

Transforming the Network for the Digital Business

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

How to Create, Deploy, & Operate Secure IoT Applications

Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

Cisco Connected Factory Accelerator Bundles

THE IMPLICATIONS OF PERFORMANCE, SECURITY, AND RESOURCE CONSTRAINTS IN DIGITAL TRANSFORMATION

The Oracle Trust Fabric Securing the Cloud Journey

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Secure Access & SWIFT Customer Security Controls Framework

Transforming Security from Defense in Depth to Comprehensive Security Assurance

GDPR Update and ENISA guidelines

Accelerate Your Enterprise Private Cloud Initiative

2015 VORMETRIC INSIDER THREAT REPORT

Total Security Management PCI DSS Compliance Guide

Defensible and Beyond

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

Transcription:

Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by

Previously in part 1 and part 2 of our series, we discussed how critical it is for retailers to have an updated and optimized network infrastructure and how IoT opportunities in retail can enhance the customer experience and improve operational efficiencies. Here we discuss why the mindset of security as a first thought and not an afterthought is absolutely crucial to the success of retailers going forward. As you are well aware, retailers face attacks both in the physical world and in cyberspace all day every day as one of the most targeted industries for organized crime groups and hackers. And with the breadth and depth of the threats, it is best to work with a primary vendor who understands and can provide an integrated security plan for all of your touchpoints so you can stop attacks at the edge, protect your users, control who gets on the network, simplify your administration, find and contain problems quickly when they occur and provide for continuous monitoring. It is important to note, however, that a complete and integrated security plan is not just about cybersecurity or data security alone but is inclusive of both physical security that protects both you as a retailer, your customers and suppliers. In fact, let s look at physical security first. First and foremost, there is a need for systems that protect the physical security of your customers. This can include security personnel, security cameras, and proper staffing to physical barriers and access control to keep everyone safe. Next, there is security and safety for your own employees either at stores, warehouses, and home offices. Once again, this plan includes cameras, access control systems, time and attendance systems and physical protection. Then there is security for loss prevention that affects both employees and customers. These systems will include CCTV, behavioral analytics, cashier monitoring, checkout cameras, motion and lighting systems and electronic article surveillance along with a human team of LP professionals. Retailers lose between 1-2% of revenue annually due to shrink (either inventory losses or cash theft), and 60% of that comes with employee involvement. 1 Then there is a security of cash and receipts where smart safes, vaults, and armored personnel carriers play a role. And finally, there is physical security to protect against false legal claim from consumers and employees, more commonly known as slip and falls. All of these areas of security have both physical and systems components. When it comes to cybersecurity there are many facets as well. Just as physical security has an IT portion, cybersecurity has both physical and cyber components. And as retailers move to improve the customer experience and operations through IT, the vast array of digital touchpoints that are added can create a dizzying number of IP connected touchpoints that must be secure or will cause a data breach and many time- consuming and financial complications for retailers. This is specifically true with the proliferation and types of wireless touchpoints, from your own internal systems, including internal WiFi, dedicated frequency

communications devices, Bluetooth, and WiFi hotspots for customers and suppliers. The one area of cybersecurity that is most prevalent, yet unfortunately takes up way too much of the security budget due to regulations is payment security. IHL research reveals that a typical retailer spends 14% of their IT budget on things related to security. And the percent related simply to credit card or PCI security ranges from 37-55% of the total of that security budget depending on the segment. And the fact that PCI takes so much of budget and causes delays, 71% of retail executives say cybersecurity concerns impede innovation. Payment security certainly spans the stores as well as online and mobile payment security as well. Many retailers have moved to a complete payment network that is separate from their other network. Additionally, tokenization of transactions and Peer-to- Peer encryption are best practices in an effective plan to protect payment data. But payments are not just an issue at the store. There is also the ecommerce side of payments and then the combined store/ecommerce part of Buy Online and Pickup In Stores (BOPIS). As hackers get more sophisticated, payment card fraud that used to be at the checkout lane has moved online. And specifically, with BOPIS, recent research has shown that fraud rates have increased 250% since EMV was implemented. 2 Hackers are exploiting the fact that a chip authentication is not needed for BOPIS, since only a receipt is required for a store pickup. To protect themselves, smart retailers have deployed ID scanners that verify ID before pickup. But cybersecurity doesn t stop at the need to protect just credit card information. There are also trade secrets, sensitive intellectual property, operational expertise and procedures and as well as other customer and employee data that also need to be protected. And the increase of touchpoints as well as the ability for systems to interact with people bring the need for an overarching and integrated plan for security. In both physical and cybersecurity, a truly integrated security view has a plan for protection before, during and after a potential attack. Before an attack The before stage is where most of the planning happens. This includes the development and deployment processes and procedures that

ensure both physical and data security are considered. In physical security this can range from cameras and EAS installations to hiring practices and fraud detection and anti-theft practices, alarm and access control systems and physical loss prevention and security personnel. On the cybersecurity front this includes such items as web reputation and filtering, monitoring of SaaS and software vulnerability, port scans and limitations, locking down peripherals and having segregated networks for key network traffic to name a few. All are critical components of an integrated security plan. As a play on an old adage, Those who fail to plan, plan to be hacked. Policies, reporting, and logs to any exceptions to policies with continual monitoring to provide visibility on behavior anomalies within the network or physical premises to stop attacks from spreading. And it bears noting here as well, cybersecurity planning does not need to be all about playing defense. It is also about putting into place the systems to enable the growth objectives that the company wants to achieve, understanding that nothing will do more damage to your brand than a failure to keep a customer s data and personal identify safe. During an attack Despite the most well-designed plans for protection, attacks will happen and some might actually be successful. Smart retailers have a plan in place to detect, thwart, and then mitigate any attacks. Some key components of this portion of the plan are the following: Artificial Intelligence and threat detection intelligence Antimalware systems File reputation systems Cloud data loss prevention Trusted partners that help monitor and test for vulnerabilities and monitor traffic abnormalities. Find and contain problems fast. Mitigation and procedures to shut down attacks from spreading. Generally good plans encompass the following aspects: Stop threats at the edge Protects users and customers wherever they work Control who gets into your network and what devices can connect Simplify the network management and segmentation process Without question you will be probed and attacked. Your systems are being probed right now. And with the growth of IoT there are more and more places for an attack to start. And being PCI compliant has little resemblance to actual security, even in regards to payment data. Industry research has shown that over 80% of the companies that had a major data breach of credit card data were certified PCI compliant within a few months before the start of the breach.

After an attack Once you find, stop and remove malicious content, a proper plan must be in place to fix issues going forward as well as what is shared and with whom depending on the type of attack. Security should be an integrated strategy to produce the right business outcomes. And if we need to stress the importance further, a recent study from Deloitte showed that 73% of customers would reconsider shopping at a company if it failed to keep their data safe. The network is the foundation of truly integrating your retail ecosystem with digital technologies and is only growing in importance with the expansion of IoT, edge computing and cloud initiatives across the entire retail journey. Leverage automation and assurance to plan and simplify your security practices.. Have the right plans and systems in place for security and compliance that provide real-time threat defense and mitigation. It is time to let the network drive business innovation. Forward distribution is forbidden without written consent. If you wish to forward distribute please contact ihl@ihlservices.com or +1-615-591-2955 At the top level is a communication plan in place for informing necessary parties of the impact of any attacks. This can be internal only or if it involves customer or payment data, external law enforcement and credit authorities. Internally, best practices should include sharing with management reports and log extraction data then further preparing for and mitigating any future attacks. This can be done by deploying and adding to SaaS anomaly detection, further focusing on file sandboxing and inspection processes and the deployment of cognitive threat analytics to understand the blueprint of the attack so that it can be protected against in the future. Sources: 1 2018 National Retail Security Survey 2 Renfrow, Jacqueline (2018, July, 2) BOPIS fraud is up 250% in 1 year. Can retailers protect their profits without losing customers? https://www.fierceretail.com/bopisfraud-up-250

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback