Partner Program Overview
Designed to deliver unparalleled customer value and accelerated mutual growth by harnessing partner expertise and ColorTokens cybersecurity technology.Learn More
Although e-commerce sites are frequent targets of cyberattacks, few people pay attention about cybersecurity while shopping in a brick-and-mortar store. But physical retail outlets also need to be cyber smart because cybercriminals do target offline retailers. In August 2019, supermarket chain Hy-Vee disclosed a point-of-sale (POS) system security breach that exposed the payment details of 5.3 million payment cards.1 The popular retail chain Target was the victim of a POS attack in 2013 that exposed the payment card data of 40 million holiday shoppers.2
Data hacks like these not only tarnish brands, but they also have huge financial costs. Cybercriminals used POS malware to steal the transaction data of 40 million Home Depot customers in 2014. This year, Home Depot paid $15.5 million to settle claims over the data breach.3
To prepare their networks adequately against cyberthreats, brick-and-mortar store owners need to know why hackers target retailers. These are the top reasons:
The most common vulnerabilities that make storefront retailers easy targets for cybercriminals are:
Hackers can easily exploit an unpatched, unsecured POS system with malware designed to steal payment card and financial data. Sophisticated malware can also move laterally and infect a retailer’s IT network and critical databases.
It’s not unusual for retailers to run their systems and processes on legacy software. Using outdated or unsupported software and applications is a security risk. If there are vulnerabilities in legacy software, no patches or security updates will be available for them, leaving a retailer’s network vulnerable to major attacks.
Employees can turn into liabilities instead of assets if a retail store owner fails to train them in cybersecurity best practices. Some of the human errors that weaken a retailer’s security posture are unauthorized use of the company’s digital resources, like using devices for non-work purposes, and storing sensitive information in data sticks without password protection. Cybercriminals are also aware of these potential weak links, and they deploy phishing and social engineering tactics targeting employees to infiltrate networks.
The retail industry has a high employee turnover rate, and it also relies on seasonal employees, especially during busy periods like the holiday shopping season. Disgruntled former and current employees can steal sensitive information and sell it themselves or be lured by hackers to grant backdoor entry into a retailer’s network.6 A PwC report estimates that current and former employees are the likely sources of 30% and 26% of security incidents affecting organizations, respectively.7
Retailers provide suppliers, distributors, contractors, and consultants with trusted access to their ecosystem. The security practices of these third-parties might not be robust enough. The PwC report cited above attributes 19% of security incidents to third-parties. Sophisticated attack vectors that gain access to an affiliate’s network can also spread to the retailer’s assets.
Retailers need to ward off cybersecurity threats not just to protect their customers’ sensitive data and PII but also to ensure business continuity. To secure their critical assets and avoid falling victim to a cyber incident, these are some steps that brick-and-mortar retailers should take.
While PCI-DSS principles go a long way in protecting customer card data, an endpoint security solution like ColorTokens Xprotect provides more meticulous protection to retailers. Xprotect enables security teams to lock down infected POS systems using application whitelisting technology that allows only authorized processes to run. Enabling process lockdown can protect POS systems from zero-day attacks, file-less malware, advanced persistent threats (APTs), and ransomware.
Retailers should educate their staff about cybersecurity best practices to make them aware of device usage policies, data encryption requirements, and phishing attacks. Store owners can manage third-party risks by verifying the security posture of affiliates. They should bring onboard entities only after they complete the required cybersecurity certifications.
Retailers need to implement stringent data access controls to protect against known and unknown threats. Adopting zero trust principles is a proactive security approach. It minimizes the attack surface and limits access to data and applications only to authorized and authenticated users. ColorTokens Xtended ZeroTrust™ Platform helps retailers comply with regulatory mandates and protects their networks from insider threats.
Without visibility into East-West server traffic, it is almost impossible to detect hackers once they gain access to the network. ColorTokens Xshield provides granular visibility and control over network communications and server traffic. With cross-segment traffic visibility, a retailer’s security team can detect suspicious behavior and inspect affected systems or applications. Complete visibility also simplifies PCI-DSS compliance and reduces the scope of audits.
Retailers should secure sensitive and critical assets — such as POS systems, cardholder data, servers, CRM, and databases — by isolating them with the help of micro-segmentation. In the event of a breach, the security team can isolate these critical assets and block lateral movement, effectively reducing the attack surface. ColorTokens Xshield enables software-defined micro-segmentation that creates logical segments without complex rules and configuration.
Retailers should prepare to protect their brands and their businesses by adopting the proactive zero trust security model, which encompasses micro-segmentation, granular access control, and continuous monitoring of network traffic. Zero trust security can help retailers reduce their attack surface and protect their networks from inside and outside threats. Learn about our solutions for the retail industry here.