It's an unfortunate truth that the retail industry is a top target for cyber criminals, with POS (point-of-sale) malware, which targets credit and debit card readers or cash registers, on the rise.
Earlier this year, the cyber attacks on US retail giants Target, Neiman Marcus and Michaels Stores – which involved malware on POS systems – had a profound impact on sales and consumer confidence in the safety of credit-card information at POS terminals.
Despite this worrying trend, the same principles of security that protect a physical store can be translated to the POS network, giving a security defence strategy that prevents cyber criminals from gaining access to your sensitive, valuable data.
Layers of Defence
This starts with deploying layers of defence in the same way that we would in the bricks-and-mortar store. Information security professionals architect security systems that provide different perspectives and defensive methods, an approach known as “defence in depth.” A single point of evaluation – or “perimeter defence” – is simply not enough.
Take the Target breach: this began with the cyber attackers logging in with valid and authorised login credentials that had been issued to a trusted HVAC vendor, who either willingly or inadvertently shared them with the attackers. This means that the login was considered authentic by the network security systems, and the attackers gained entry with no resistance. The alerting systems set up by Target's highly regarded information security team did not fail: the user login and password were on the “good list.”
In short, security teams must now operate under the assumption of compromise – that the invaders are 'past the gates' – and gain visibility into every endpoint (every laptop, data server and POS terminal within the organisation's networks) in order to proactively hunt for signs of unauthorised or anomalous behaviour.
We should also apply 'Locard's Principle': perpetrators will always leave behind some indication of their presence. The challenge is to find evidence of the compromise before the initial phase of the attack has been completed, while potential evidence can still be captured from volatile data on affected endpoints, preserved for analysis and, possibly, delivered to the relevant legal authorities. It is only by tracking and reporting on endpoint activity, as well as by deploying perimeter network security, that the security 'loops' can be closed.
Recommended Steps to Ward Off POS Cyber Security Attacks
In summary, the 'golden rules' that should be followed are:
• Create an incident response plan and test this regularly.
• Perform a sensitive data audit to find out which and how many instances of sensitive data, such as personally identifiable information (PII), credit-card data and intellectual property, exist on the network, and where they're stored. This gives you an idea of where the valuable goods are on your network.
• Remove any unauthorised instances of that sensitive data according to your information-governance policies, so that you minimise your exposure.
• Create and regularly update baselines of normal activity for each of those endpoints.
• Assign information security specialists to proactively hunt for anomalies in near-real-time reports of endpoint activity. These are the signs that your network has been breached and the attackers are inside.
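As an added illustration of the last two golden rules (baseline each endpoint, then hunt the near-real-time reports for anomalies), here is a small Python script that is not part of the article and not any vendor's product. It builds a per-terminal baseline of processes, network destinations and active hours from a constructed day of known-good telemetry, then flags later events that fall outside that baseline. The log format, terminal names, process names and hostnames are all constructed assumptions.

```python
"""Baseline normal POS endpoint activity, then hunt newer telemetry for anomalies.

Added example for the 'golden rules' above; not code from the article.
Event lines are constructed sample telemetry in the (assumed) shape:
    <ISO timestamp> <terminal id> <process name> <network destination>
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline window: a day of known-good activity on two terminals.
BASELINE_LOG = """\
2014-06-02T09:05:12 POS-01 pos.exe api.payments.example
2014-06-02T12:40:03 POS-01 pos.exe api.payments.example
2014-06-02T18:55:41 POS-01 updater.exe updates.corp.example
2014-06-02T09:10:30 POS-02 pos.exe api.payments.example
2014-06-02T13:02:17 POS-02 pos.exe api.payments.example
2014-06-02T17:45:09 POS-02 updater.exe updates.corp.example
"""

# Constructed near-real-time report to hunt through a week later.
NEW_LOG = """\
2014-06-09T10:15:00 POS-01 pos.exe api.payments.example
2014-06-09T03:12:44 POS-01 pos.exe api.payments.example
2014-06-09T11:30:05 POS-02 tmp_upd.exe 198.51.100.23
2014-06-09T14:00:00 POS-03 pos.exe api.payments.example
"""


def parse_events(text):
    """Turn raw lines into event dicts; malformed lines are skipped rather than trusted."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, terminal, process, dest = parts
        events.append({
            "ts": datetime.fromisoformat(ts),
            "terminal": terminal,
            "process": process,
            "dest": dest,
            "raw": line,
        })
    return events


def build_baseline(text):
    """Per terminal: processes seen, destinations seen, and the hour window of activity."""
    baseline = defaultdict(lambda: {"processes": set(), "destinations": set(), "hours": []})
    for ev in parse_events(text):
        b = baseline[ev["terminal"]]
        b["processes"].add(ev["process"])
        b["destinations"].add(ev["dest"])
        b["hours"].append(ev["ts"].hour)
    # Collapse the observed hours into a (first, last) trading-hours window.
    for b in baseline.values():
        b["hours"] = (min(b["hours"]), max(b["hours"]))
    return dict(baseline)


def hunt(text, baseline):
    """Report every event that deviates from its terminal's baseline, with the reasons."""
    findings = []
    for ev in parse_events(text):
        b = baseline.get(ev["terminal"])
        reasons = []
        if b is None:
            # A terminal with no baseline at all is itself worth a look.
            reasons.append("unknown-terminal")
        else:
            if ev["process"] not in b["processes"]:
                reasons.append("new-process")
            if ev["dest"] not in b["destinations"]:
                reasons.append("new-destination")
            low, high = b["hours"]
            if not low <= ev["ts"].hour <= high:
                reasons.append("off-hours")
        if reasons:
            findings.append({"terminal": ev["terminal"], "reasons": reasons, "event": ev["raw"]})
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    for f in hunt(NEW_LOG, base):
        print(f["terminal"], ",".join(f["reasons"]), "|", f["event"])
```

Run as-is, it reports the 03:12 activity on POS-01 as off-hours, the unfamiliar process and destination on POS-02, and POS-03 as a terminal with no baseline; the normal POS-01 transaction at 10:15 produces nothing. The baseline is deliberately a set-membership and hour-window model rather than anything statistical: that keeps every alert explainable to the analyst who has to hunt through it, and the baselines are rebuilt from fresh known-good data on whatever schedule the rule above calls "regularly".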