By Corey Nachreiner, WatchGuard
Security in retail is always an important element to a successful business, not only to meet PCI compliance but to ensure customers have a positive, productive shopping experience every day.
Our WatchGuard security team recently spent time imagining what the threat landscape might look like in the coming year and identified the top 2016 security predictions.
Advertisement
For retail organizations, there are five relevant security threat trends to consider and plan for this year:
1. Social Engineering Keeps People As Your Biggest Threat:
Recent advanced network breaches, including the infamous Target attack, have one thing in common: they all started with spear phishing the user. Cyber criminals target specific users with customized social engineering tactics to trick trusting or naive individuals into giving up access privileges. We recommend providing employees with security awareness training that includes the latest social engineering techniques.
2. Security Breaches Go Back To Basics:
A majority of successful security attacks — especially ones against smaller targets — still rely on the basics. There is a silver-lining: no matter the size of your shop, if you concentrate on following basic security best practices such as keeping software up to date and using basic security controls like Gateway Antivirus (GAV) or Intrusion Prevention Services (IPS), you will avoid a majority of the attacks in 2016.
3. Malware On iOS Will Rise:
Google’s open platform strategy has translated into more threats against Android devices than Apple’s iOS. Last year, cybercriminals infected Apple’s development platform. We believe criminals will continue to exploit this attack vector to sneak malware onto Apple’s official marketplace. This may be important to watch for if you have an iOS app for your business, or one of the many mobile payment systems available for the popular device.
4. Hijacked Firmware Attacks The Internet Of Things:
When a hacker hijacks a computer, their plan is usually to make sure that malicious code stays on the device. However, hijacking the Internet of Things (IoT) is a different story. Most IoT devices don’t have local storage and have few resources, so getting code to stick involves modifying the firmware. In 2016, we expect to see proof-of-concept attacks that permanently modify and hijack the firmware of IoT devices, such as POS systems, inventory management devices or even temperature control. If you use IoT devices in your retail environment, be sure to keep their firmware up to date as well.
5. Wireless “Ease-of-Use” Features Expose The Next Big Wireless Flaw:
It’s a no-brainer. Setting up a hotspot for your customers means they spend longer in your shop. However, be aware that an “ease-of-use” feature to access WiFi can clash with real-world security. For example, vendors are adding new wireless usability features, such as Microsoft’s WiFi Sense. I expect the next wireless vulnerability to involve an ease of use feature that enables users, and hackers, to easily join a wireless network. Don’t be afraid to set up a wireless hospitality network for your clients, just be sure to do so using the latest WiFi security best practices.
For retailers, whether you’re a brick-and-mortar or virtual organization, it’s important to adopt and follow basic security best practices. It’s also important to evaluate the threat management tools in place to secure the network and protect your sales organization — throughout the year. For in-depth analysis on security trends, news and information, please visit the WatchGuard Security Center blog.
Cory Nachreiner is Chief Technology Officer for WatchGuard, spearheading its technology vision and direction. Previously, Nachreiner was the Director of Strategy and Research at WatchGuard. Nachreiner has operated at the front line of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends. He is a regular contributor to leading publications including GeekWire, CNET, Dark Reading, eWeek, Help Net Security, Information Week and Infosecurity, and delivers WatchGuard’s “Daily Security Byte” video on Facebook.
