Cyber Monday is a critical online event for retailers. Last year, research conducted by Adobe Analytics found that Cyber Monday brought in $9.4 billion in sales, including $3 billion from mobile customers alone. With the ongoing COVID-19 pandemic leaving many customers wary of entering brick-and-mortar stores this holiday season, the expectation is that these numbers will grow as retailers prioritize ecommerce over in-store sales.
Customers will spend Cyber Monday scouring the internet for deals, but they won’t be the only ones on the lookout for a golden opportunity. Major shopping days like Black Friday and Cyber Monday have traditionally been big days for cybercriminals, and they will continue to follow the money in 2020.
In addition to credit card and financial data theft, the recent spike in ransomware attacks represents a significant concern this year, especially as many IT teams continue to operate remotely. Fortunately, there are concrete steps that retailers can take to keep intruders out of their networks. Below are five tips for retailers looking to keep their networks more secure and better protect themselves this holiday shopping season:
1. Keep networks segmented and limit access
Network visibility is critical today. Maintaining continuous visibility into new devices joining the network, and into exposed credentials that create potential attack paths, is invaluable for denying intruders easy network access. Making sure that only the right devices are on the correct network segments doesn't just keep a network orderly; it makes it that much harder for would-be intruders to conduct reconnaissance unnoticed.
Additionally, setting controls so that individuals only have access to the applications and data they need will also serve as a barrier to unauthorized access. Here are two helpful ways retailers can do this:
- Following the Zero Trust model can be a useful guideline for mapping security control coverage and risk assessment.
- Micro-segmentation will help with device trust, while adding identity management and conditional access controls will strengthen defenses in user, application and data trust. For example, conditional access to Active Directory and hiding its objects will minimize the risk of an attacker gaining the privileges and information needed to advance their attack.
2. Monitor for lateral movement
Recent research indicates that roughly one-third of retail CISOs believe that their organization has experienced a cyberattack involving a threat actor entering their network by moving laterally from a partner or vendor’s network. This finding is particularly concerning for businesses that have invested heavily in cybersecurity, only to be undone by a partner with access to their network and a less robust security setup.
Technology that prevents an attacker from compromising user systems and blocks network access is widely available today. However, these controls do not reliably detect or prevent unauthorized activity during attacker discovery, lateral movement and privilege escalation. Businesses will want a "safety net" that shows them attackers as they seek to break out from an infected endpoint, because attackers have many methods to choose from and defenders have an ever-expanding attack surface to cover.
One should consider solutions that provide comprehensive coverage and can detect not only reconnaissance but also credential theft, privilege escalation and collection activities. Organizations will typically deploy a mix of EDR (Endpoint Detection and Response) solutions and deception technology to disrupt an attacker’s activities at this point.
Security teams can also go one step further and choose to play the attacker cat and mouse game differently. New concealment technology makes it possible to hide and deny access to local files, folders, removable storage, network or cloud shares, local admin accounts and application credentials. It is a powerful new control capable of preventing attackers from stealing or altering data — which are fundamental components of ransomware attacks. Attackers who bypass perimeter controls may think they’re free and clear, but the use of lateral movement prevention controls can stop them in their tracks.
3. Don’t store more data than necessary
Cybercriminals can only steal the data that is available to them. Unfortunately, some businesses have a habit of storing more information than they need to. Attackers will often look to access and steal information from databases, so it’s essential to make sure those databases contain only the absolutely necessary information. For instance, in the unfortunate event that an attacker breaches a customer database, they should never have access to extraneous data, such as three- or four-digit card verification values (CVVs) or PINs. Businesses storing this sort of information are asking for trouble.
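The data-minimization rule above is easiest to enforce in code rather than by policy. The following is an added example, not code from the original article: it assumes a simple payment-record schema (the field names are hypothetical) and shows two controls, an allowlist that decides which parts of an authorized transaction may be written to storage, and a scan that finds prohibited fields or full card numbers in rows that are already stored. All sample data is constructed.

```python
"""Data-minimization controls for card data at rest.

Added illustration, not code from the original article. The schema and field
names are hypothetical and every sample record below is constructed.
"""
import re

# Fields an authorized transaction may keep (hypothetical schema for this example).
ALLOWED_FIELDS = {
    "order_id", "customer_id", "amount_cents", "currency",
    "auth_code", "pan_last4", "expiry_year_month",
}

# Sensitive authentication data that must never be stored after authorization.
PROHIBITED_FIELDS = {"cvv", "cvv2", "cvc", "cid", "pin", "pin_block", "track1", "track2", "track_data"}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\d(?:[ -]?\d){12,18}")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def minimize_for_storage(authorized_txn: dict) -> dict:
    """Reduce an authorized transaction to the fields allowed at rest.

    Prohibited fields and unknown fields are dropped; the full PAN is replaced
    by its last four digits. Dropped values are never logged.
    """
    record = {}
    for key, value in authorized_txn.items():
        k = key.lower()
        if k in PROHIBITED_FIELDS:
            continue
        if k == "pan":
            record["pan_last4"] = re.sub(r"[ -]", "", str(value))[-4:]
            continue
        if k in ALLOWED_FIELDS:
            record[k] = value
        # Anything not allowlisted is dropped: unknown fields are not stored by default.
    return record


def find_prohibited(rows: list) -> list:
    """Scan stored rows and report (row_index, field, reason) for each finding."""
    findings = []
    for i, row in enumerate(rows):
        for key, value in row.items():
            if key.lower() in PROHIBITED_FIELDS:
                findings.append((i, key, "prohibited field"))
            elif isinstance(value, str):
                for m in PAN_CANDIDATE.finditer(value):
                    if luhn_ok(re.sub(r"[ -]", "", m.group())):
                        findings.append((i, key, "full PAN"))
                        break
    return findings


# Constructed sample: what a payment gateway might hand back after authorization.
SAMPLE_AUTHORIZED_TXN = {
    "order_id": "CM-000417",
    "customer_id": "cust-88213",
    "amount_cents": 12999,
    "currency": "USD",
    "pan": "4111 1111 1111 1111",       # well-known test card number
    "expiry_year_month": "2023-09",
    "cvv": "123",                        # must not survive authorization
    "auth_code": "A7X91Q",
    "cardholder_name": "Test Customer",  # not allowlisted, so dropped
}

# Constructed sample: rows from a legacy table that predates the allowlist.
LEGACY_ROWS = [
    {"order_id": "CM-1", "pan_last4": "0004", "auth_code": "Z1"},
    {"order_id": "CM-2", "pan": "5555555555554444", "cvv": "321"},
    {"order_id": "CM-3", "note": "card 4111-1111-1111-1111 declined twice"},
]


if __name__ == "__main__":
    print(minimize_for_storage(SAMPLE_AUTHORIZED_TXN))
    for finding in find_prohibited(LEGACY_ROWS):
        print("prohibited data at rest:", finding)
```

The allowlist is deliberately default-deny: a new field added upstream (a free-text "note" column, for instance) is not stored until someone decides it should be, which is how full card numbers tend to leak into tables that were never meant to hold them. The scan is the complementary check for data that already exists; run it against legacy tables and exports before the holiday peak, not after a breach.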
4. Understand and be prepared for how advanced cybercriminals operate
There is a reason the phrase “know thy enemy” remains so well known: if you want to stop an opponent, it is critical to understand them. Sophisticated cybercriminals will focus on stealing credentials and gaining the privileges needed to access secure drives, Active Directory and other high-value data.
The new MITRE® Shield guide is a useful resource for building an Active Defense against an adversary. The guide defines 33 techniques and 190 use cases that organizations can use to understand security controls and apply them to take a proactive stance against cybercriminals.
With this in mind, defenders can cover 27 of these techniques and 123 use cases by deploying concealment and deception technology to plant decoys and detect, misdirect and derail these attacks. As attackers interact within the deception environment, defenders can gather and analyze valuable company-centric threat intelligence. Gaining real-time knowledge of the attackers’ actions as they attempt to enumerate Active Directory or fingerprint an endpoint, and having the ability to collect TTPs (Tactics, Techniques and Procedures) and IOCs (Indicators of Compromise), is invaluable for reducing attack dwell time and the magnitude of a compromise.
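Both the lateral-movement "safety net" of tip 2 and the decoy-account detection described here come down to a few rules run over authentication events. The following is an added example, not code from the original article or from any vendor product. It assumes Windows Security events have already been normalized into dicts by a log shipper (event_id, time, user, src_ip and, where relevant, host or service); the event IDs are the standard ones, 4624 (successful logon, with logon_type 3 meaning a network logon), 4768 (Kerberos TGT request) and 4769 (Kerberos service-ticket request). The decoy account name, the thresholds and all sample events are constructed for this example.

```python
"""Lateral-movement and decoy-credential detection over Windows Security events.

Added illustration, not code from the original article or any product. Event
layout, decoy account name, thresholds and sample events are all assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

DECOY_ACCOUNTS = {"svc_backup_admin"}   # hypothetical honey account planted in AD; nothing legitimate uses it
FANOUT_THRESHOLD = 3                     # distinct hosts one account reaches by network logon ...
SPN_THRESHOLD = 3                        # distinct services one source requests tickets for ...
WINDOW = timedelta(minutes=5)            # ... within this sliding window


def parse_time(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp)


def burst_alerts(events, group_key, distinct_key, threshold, window):
    """Flag each group whose events touch >= threshold distinct values inside one window."""
    groups = defaultdict(list)
    for e in events:
        groups[e[group_key]].append(e)
    alerts = []
    for name, evs in groups.items():
        evs.sort(key=lambda e: parse_time(e["time"]))
        for i, start in enumerate(evs):
            t0 = parse_time(start["time"])
            seen = set()
            for e in evs[i:]:
                if parse_time(e["time"]) - t0 > window:
                    break
                seen.add(e[distinct_key])
            if len(seen) >= threshold:
                alerts.append({"group": name, "first_seen": start["time"], "values": sorted(seen)})
                break   # one alert per group is enough for triage
    return alerts


def detect_decoy_use(events):
    """Any authentication activity naming a decoy account is a high-confidence alert."""
    return [e for e in events if e.get("user", "").lower() in DECOY_ACCOUNTS]


def detect_fanout(events):
    """One account performing network logons to many hosts in a short window."""
    net_logons = [e for e in events if e["event_id"] == 4624 and e.get("logon_type") == 3]
    return burst_alerts(net_logons, "user", "host", FANOUT_THRESHOLD, WINDOW)


def detect_spn_sweep(events):
    """One source requesting service tickets for many SPNs: enumeration or Kerberoasting."""
    tgs_requests = [e for e in events if e["event_id"] == 4769]
    return burst_alerts(tgs_requests, "src_ip", "service", SPN_THRESHOLD, WINDOW)


def triage(events) -> dict:
    return {
        "decoy_use": detect_decoy_use(events),
        "lateral_fanout": detect_fanout(events),
        "spn_sweep": detect_spn_sweep(events),
    }


# Constructed sample: one ordinary user, one stolen service account being pushed
# across the store network from a single source, and one touch of the decoy.
SAMPLE_EVENTS = [
    {"time": "2020-11-30T02:14:05", "event_id": 4624, "logon_type": 3, "user": "jsmith", "src_ip": "10.20.7.15", "host": "FILE-01"},
    {"time": "2020-11-30T02:31:00", "event_id": 4624, "logon_type": 3, "user": "svc_deploy", "src_ip": "10.20.5.41", "host": "POS-TERM-07"},
    {"time": "2020-11-30T02:31:20", "event_id": 4624, "logon_type": 3, "user": "svc_deploy", "src_ip": "10.20.5.41", "host": "POS-TERM-08"},
    {"time": "2020-11-30T02:31:45", "event_id": 4624, "logon_type": 3, "user": "svc_deploy", "src_ip": "10.20.5.41", "host": "STORE-DC-01"},
    {"time": "2020-11-30T02:32:10", "event_id": 4624, "logon_type": 3, "user": "svc_deploy", "src_ip": "10.20.5.41", "host": "FILE-01"},
    {"time": "2020-11-30T02:32:30", "event_id": 4769, "user": "svc_deploy", "src_ip": "10.20.5.41", "service": "MSSQLSvc/sql01"},
    {"time": "2020-11-30T02:32:31", "event_id": 4769, "user": "svc_deploy", "src_ip": "10.20.5.41", "service": "HTTP/web01"},
    {"time": "2020-11-30T02:32:31", "event_id": 4769, "user": "svc_deploy", "src_ip": "10.20.5.41", "service": "CIFS/file01"},
    {"time": "2020-11-30T02:33:00", "event_id": 4768, "user": "svc_backup_admin", "src_ip": "10.20.5.41"},
    {"time": "2020-11-30T02:40:00", "event_id": 4624, "logon_type": 3, "user": "jsmith", "src_ip": "10.20.7.15", "host": "MAIL-01"},
]


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_EVENTS).items():
        print(kind, hits)
```

The decoy rule has no threshold because a planted account has no legitimate users, so a single ticket request for it is enough; that is what makes deception signals cheap to triage. The two burst rules are intentionally generic (group by an entity, count distinct targets in a window), which is the same shape as most lateral-movement analytics; the tuning work in production is choosing thresholds that exclude backup jobs and vulnerability scanners that legitimately fan out across the estate.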
5. Protect retail cloud infrastructure
A growing number of retailers are leveraging the cloud for computing and storage, and it is critical that they safeguard the data and processes from attack. Fortunately, there are many new technologies available, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Cloud Access Security Brokers (CASB), deception and concealment technology and Cloud Infrastructure Entitlement Management (CIEM).
While none of these technologies represents an individual silver bullet that will solve all cybersecurity problems, each has a vital role in an overlapping cloud security strategy. Misconfigurations represent one of the biggest dangers in the cloud, and having a layered defense in place to detect intruders and their activities is essential.
Be a Cyber Monday Winner — Not a Victim
Cyber Monday is now expected to overtake Black Friday in shopping volume this year. This major shift to online shopping underscores how important it is for retailers to protect their networks effectively. Recent spikes in ransomware attacks and in attackers exploiting cloud misconfigurations have given cybersecurity professionals a glimpse into cybercriminals' preferred tactics. Fortunately, with more security tools than ever at their disposal and more information about attackers, their methods and their goals, retailers have never been better equipped to protect themselves on Cyber Monday.
Carolyn Crandall holds the roles of Chief Deception Officer and CMO at Attivo Networks. She is a high-impact technology executive with over 30 years of experience in building new markets and successful enterprise infrastructure companies. She has a demonstrated track record of effectively taking companies from pre-IPO through to multi-billion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate. Crandall is recognized as a global thought leader in technology trends and for building strategies that connect technology with customers to solve difficult operations, digitalization and security challenges. Her current focus is on breach risk mitigation by teaching organizations how to shift from a prevention-based cybersecurity infrastructure to one of an active security defense based on the adoption of deception technology.