Big retailers' scale makes cybercrime a tough battle
With its endless point-of-sale endpoints, the retail industry has always been a desirable target for cybercriminals. They know that if they can introduce malware into point-of-sale networks, they can make a decent amount of cash by selling credit card numbers on the dark web.
With their millions of customers, large retailers like Forever 21 have typically been the hardest hit. Companies must pay up to $172 per stolen record in cleanup costs. A major retailer just paid $18.5 million to address the impact of its 2013 hack, which resulted in 41 million stolen credit cards.
If retail businesses haven't hardened their IT and point-of-sale systems, they should start now to protect themselves from POS malware, ransomware and other threats, especially as we move into the holiday shopping season. They may be running anti-virus software and managed firewalls, but that is not the same as running an active defense built on continuous monitoring and threat detection.
The following tips will help retailers harden their security stance and protect their infrastructure from POS malware and ransomware. First, run a vulnerability scan and apply all operating system and application upgrades and patches immediately; then set up a next-generation security system.
Buy, build or borrow the resources to stay ahead of threats and stop ransomware in its tracks: a next-generation firewall with rules you configure to control incoming and outgoing traffic, managed around the clock so that it stays effective.
Also, use a security information and event management (SIEM) application to analyze all of your data, filtering out the "noise" of false positives that can obscure the threat patterns and anomalies that indicate early-stage attacks. The SIEM issues alerts so that you can take immediate action when warranted.
Implement a managed detection and response system that will detect incoming and existing malware, whether it is located on a POS system, workstation or network. Configure it to automate immediate, direct remediation, which will help with some threats.
Companies should also consider setting up or hiring a managed security service provider that offers a security operations center to do around-the-clock monitoring and evaluation of, and response to, all security alerts. This team can evaluate the universe of threats you face, triage them and escalate resources to deal with critical threats on an ongoing basis.
Additionally, companies should leverage the power of machine learning with user and entity behavior analytics (UEBA). Such a model does a deep dive on your logs and reports and gets better and better at threat detection over time.
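The two detection ideas above, SIEM-style noise filtering with alert correlation and a UEBA-style baseline that flags a host whose behavior departs from its own history, can be illustrated with a small script. The following is an added example written for this article, not code from any vendor's SIEM or UEBA product. The log format, the host names, the allow-listed payment-processor address, the POS software directory and the seven-day history are all constructed assumptions; the only idea taken from the text is the combination of filtering known-good activity, correlating the remaining signals per host, and comparing today's behavior against a learned baseline.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not real retailer data): timestamp, host, event type, key=value.
SAMPLE_LOGS = """\
2023-11-20T09:00:01 pos-01 netconn dst=10.0.5.20:443
2023-11-20T09:00:02 pos-01 netconn dst=10.0.5.20:443
2023-11-20T09:01:10 pos-02 netconn dst=10.0.5.20:443
2023-11-20T09:02:00 pos-02 proc_start image=C:\\POS\\pos.exe
2023-11-20T09:03:00 pos-03 netconn dst=10.0.5.20:443
2023-11-20T09:03:05 pos-03 netconn dst=198.51.100.7:8080
2023-11-20T09:03:09 pos-03 netconn dst=203.0.113.9:443
2023-11-20T09:03:20 pos-03 netconn dst=203.0.113.44:443
2023-11-20T09:03:31 pos-03 netconn dst=192.0.2.15:8443
2023-11-20T09:03:40 pos-03 proc_start image=C:\\Users\\Public\\svc.exe
2023-11-20T09:04:00 pos-01 proc_start image=C:\\POS\\pos.exe
"""

# Assumed known-good context: the payment processor endpoint and the vendor's install directory.
ALLOWED_DST = {"10.0.5.20:443"}
ALLOWED_IMAGE_PREFIX = "C:\\POS\\"

# Constructed seven-day history of distinct outbound destinations per host (the UEBA baseline).
HISTORY = {
    "pos-01": [1, 1, 2, 1, 1, 2, 1],
    "pos-02": [1, 1, 2, 1, 1, 2, 1],
    "pos-03": [1, 1, 2, 1, 1, 2, 1],
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) (?P<key>\w+)=(?P<value>.+)$")


def parse_logs(text):
    """Turn the raw lines into event dicts; malformed lines are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def filter_noise(events):
    """SIEM step 1: remove expected activity so that only unexplained signals remain."""
    keep = []
    for e in events:
        if e["event"] == "netconn" and e["value"] in ALLOWED_DST:
            continue  # traffic to the payment processor is normal for a POS host
        if e["event"] == "proc_start" and e["value"].startswith(ALLOWED_IMAGE_PREFIX):
            continue  # the vendor's own POS binary starting is normal
        keep.append(e)
    return keep


def correlate(events, min_conns=3):
    """SIEM step 2: alert only when two independent signals coincide on one host.

    A single stray connection is noise; repeated unexpected outbound connections
    together with a process launched from a non-standard location is worth a look."""
    per_host = defaultdict(lambda: {"conns": 0, "procs": []})
    for e in events:
        if e["event"] == "netconn":
            per_host[e["host"]]["conns"] += 1
        elif e["event"] == "proc_start":
            per_host[e["host"]]["procs"].append(e["value"])
    alerts = []
    for host, s in sorted(per_host.items()):
        if s["conns"] >= min_conns and s["procs"]:
            alerts.append({"host": host, "conns": s["conns"], "procs": s["procs"],
                           "reason": "unexpected outbound connections plus non-standard process start"})
    return alerts


def distinct_destinations(events):
    """Per-host count of distinct outbound destinations seen today (the behavior feature)."""
    dsts = defaultdict(set)
    for e in events:
        if e["event"] == "netconn":
            dsts[e["host"]].add(e["value"])
    return {host: len(d) for host, d in dsts.items()}


def baseline_anomalies(today, history, z_threshold=2.0):
    """UEBA step: flag hosts whose feature value sits far outside their own history (z-score)."""
    anomalies = {}
    for host, counts in history.items():
        mu = mean(counts)
        sigma = pstdev(counts) or 1.0  # a perfectly flat history would otherwise divide by zero
        z = (today.get(host, 0) - mu) / sigma
        if z > z_threshold:
            anomalies[host] = round(z, 2)
    return anomalies


def run_pipeline(text):
    events = parse_logs(text)
    alerts = correlate(filter_noise(events))
    anomalies = baseline_anomalies(distinct_destinations(events), HISTORY)
    return alerts, anomalies


if __name__ == "__main__":
    alerts, anomalies = run_pipeline(SAMPLE_LOGS)
    for a in alerts:
        print("ALERT", a)
    print("BASELINE ANOMALIES", anomalies)
```

Both detectors independently single out `pos-03`: the correlation rule because it is the only host with unexplained connections and an odd process start, the baseline because five distinct destinations in a day is several standard deviations above its history of one or two. Hosts `pos-01` and `pos-02` generate no alert even though they produced events, which is the point of the noise filtering the article recommends.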