A new approach to cyber security: retail industry
12 March 2018
Author: Matt Walmsley, EMEA director, Vectra
Everyone likes a bit of retail therapy - even criminals. While most of us are happy to load up on new clothes, electronics or beauty products from our favourite ecommerce site, hackers visit the same sites seeking a different sort of merchandise altogether.
The huge volumes of valuable data created by online shopping, loyalty schemes and digital marketing represents a honeypot for the world’s hackers and criminals. This wealth of sensitive information promises easily-monetised riches and the opportunity to hold retailers to ransom through malware or denial-of-service (DoS) attacks.
Not only are online retailers particularly tempting targets for the world’s cyber criminals, but they are also particularly impacted by a successful attack. Any outage or, worse, loss of data will have an immediate and highly-damaging effect on the reputation they have worked so hard and long to build - not mention the potential for crippling fines provided for under the GDPR.
At the same time, however, margins are often slim and retailers have relatively modest resources to throw at security compared to, say, financial services institutions. Again, making them attractive targets to cyber criminals.
According to the Information Commissioner’s Office (ICO), the number of retailers suffering data breaches doubled last year - from 19 in 2015/16 to 38 in 2016/17. The victims included household names, such as Sports Direct and Debenhams; but the risk isn’t restricted to large retailers. As smaller, specialist sellers look to rival larger brands, they will invariably introduce loyalty programmes and other digital initiatives, therefore, inevitably making themselves, and their digital supply chain suppliers targets for hackers.
With traditional retail going through huge digital transformation projects and moving towards the “bricks ‘n’ clicks” model, you’d have thought that cyber security would be a key priority for every ecommerce organisation. Yet, it still seems that far too few retailers are taking this threat seriously.
Research by gov.uk last year found that less than two fifths of directors or senior managers in the retail and wholesale sector say that cyber security is a high priority for their organisation. While this figure is higher than other industry sectors, on the other hand, there are also so many more opportunities for crime in the retail sector. This ranges from return and refund fraud, phishing attacks and point-of-sale malware, to DoS and phone-based social engineering attacks.
Given that cybercrime cost the UK retail industry £613 million in 2016 (a figure which will surely rise when last year’s figures are released), however, we would expect it to be at the top of every retailer’s agenda.
Of course, it’s easy to deplore this supposed complacency from the outside. In reality, retailers are under a huge number of pressures - from rising wages, the difficulty of attracting and retaining skilled technical staff, significant increases in business rates, new legislation such as the GDPR, and the uncertainty that Brexit brings.
Also of interest: Petya, NotPetya - the rise of ransomware
A new way of catching criminals
One of the biggest problems facing retailers, is that criminals have become adept at cloaking their attacks. Perimeter security is no longer enough to deter or catch determined hackers. While malware can get past defences by mimicking benign traffic, once within the network attackers must behave in certain ways in order to carry out their tasks. While these patterns of behaviour have been successful, they also represent an attacker’s key weakness.
What’s needed is a new model of cyber security: one that employs the latest advances in artificial intelligence (AI) and machine learning. If organisations can immediately spot the tell-tale behaviours of active attackers, then they will be able to isolate and eradicate them before they wreak havoc across the business.
Thanks to AI, automation and machine learning, a new generation of security tools are able to detect and respond to the hidden cyber-attackers that have defeated the corporate defences. When it comes to fighting cybercrime, speed is of the essence. Thanks to new technologies such as these, retailers are much more likely to identify attackers before they’ve had the chance to ‘shoplift’ data or infect systems and devices.
By dramatically reducing the time to detect, understand, and resolve cyber incident before they impact their business, retailers can safeguard their revenue and profitability, brand reputation and, perhaps most importantly, their customers’ loyalty.
Also of interest: Endpoint security - is it enough?
Case study - Shop Direct
Shop Direct is the UK’s second-largest pureplay digital retailer. Encompassing brands such as very.co.uk and littlewoods.com, it has almost £2 billion in annual sales and four million active customers. Starting life as a catalogue retailer, Shop Direct is a poster-child for digital transformation. However, with success come with risk. The 1.3 million daily visitors generate an enormous amount of data that is hugely attractive to cyber criminals.
Liam Fu, head of information security at Shop Direct not only recognises the evolving threat landscape but also, the importance of having a holistic view of its network. “Every organisation at some point is subject to a breach, incident or cyber event” he comments. The very nature of cyber-attacks today mean that it isn’t a case of ‘if’ but ‘when’ you will experience a breach.
“The ability to quickly and accurately detect and respond to threats is paramount”, Fu continues.
Retailers need to be able to detect and isolate threats in order to know what they’re up against, and respond accordingly. For regulators, the way you respond after a reach is critically important which is why closing the gap between compromise and detection, is so important.
Automating the labour-intensive task of threat-hunting will reveal where attackers are hiding and what they are doing. Powered by the latest advances in AI and machine learning, the new generation of IDPS can instantly prioritise the highest-risk threats by identifying the tell-tale behaviours. Threats are then automatically scored and correlated with compromised hosts, providing a narrative of developing attacks.
The use of AI and automation reduces the workload of retailers’ security operations centre (SOC) teams, to speed-up incident response times. At the same time, machine learning ensures that the system becomes increasingly adept at spotting unique local threats.
Such systems are not a singular panacea to the problem of cyber-attacks; they must dovetail with other security technologies both at the perimeter of, and within the corporate network. The principle of identifying attackers by their behaviour represents a step-change in the way that retailers and other businesses can combat criminals.
Online shoppers place a premium on speed and convenience, but the same courtesy should not be extended to those whose aim is to steal, damage, or hold retailers to ransom. Thanks to these new models of threat identification - and the technologies that underpin them - retailers can make life much more difficult for hackers, helping to safeguard their data, and their reputation.
Check out the live tweets of wisdom from TEISS2018 here