2014 was a rough year for retailers. It felt as though a major retailer was breached every few weeks, leaving consumers and stakeholders not only more and more frustrated, but increasingly concerned for the safety of personal information. With limited IT resources and massive amounts of customer data to protect across multiple endpoints, effectively monitoring and defending the network from vulnerabilities is no easy task – regardless of the size and financial stability of the organization. Thankfully, it’s not a lost cause – implementing a cybersecurity solution that can continuously monitor the network and automatically detect, engage and remove malware, will multiply the effectiveness of a security IT team and expand their capabilities.
Hexis Cyber Solutions, a provider of advanced cybersecurity solutions for commercial companies and government agencies, has highlighted eight reasons why retailers have become such a prime target for hackers and why these vulnerabilities need to be taken into consideration before their company becomes the next cyber attack victim to make front page news.
Retailers: A Prime Target for Hackers
Click through for eight reasons why retailers are prime targets for hackers and why these vulnerabilities need to be taken into consideration, as identified by Hexis Cyber Solutions.
Adopting a multi-channel strategy heightens the customer experience and opens up many opportunities in the competitive landscape. This approach creates a need to engage customers across multiple channels but can make data security challenging because with customer data spread across disparate locations, effective monitoring is difficult.
Point-of-sale terminals have significant vulnerabilities that make them easy targets for hackers. Hackers have found ways to grab the card data before it is encrypted into the POS system’s memory. Retailers that use POS machines need to provide end-to-end encryption for all credit card transactions in order to protect customer data, otherwise those systems will continue to be at risk. Lesson learned: End-to-end encryption for credit card transactions is no longer a nice-to-have, but an absolute must.
Hacked QR Codes
Retailers deal with QR codes day in and day out. Known to the outside world as the square barcodes customers have handy when swiping an app from their phone to a direct website, QR codes are a vital tracking tool for retailers. The trouble with these codes is that they are easily manipulated by hackers, ultimately acting as a door into a retailer’s network if hacked. Cyber criminals leverage these codes by taking users to a malicious website that infects the system without the user ever knowing, and then directing them to the correct website. QR codes are indecipherable to the naked eye – but for experienced hackers, they’re easily translated.
Some retailers are faced with limited funds to invest in their IT infrastructure. As a result, they’re often operating on aging systems. One step further, retailers with multiple branch locations are challenged with the task of updating physical hardware at each location without compromising productivity. New systems are bought on an as-needed basis, creating a mash-up of new and old hardware and systems running together.
Because of the way they operate, retailers face the risk of a hacker with each and every person physically walking into their stores. Although it sounds crazy, individuals with malicious intent can gain physical access to the retailer’s network and data through open ports (USB or Ethernet). These hackers can simply open POS systems when no one is looking and install cables and other devices to copy and siphon data.
Near Field Communications (NFC), the technology that makes “tap to pay” or “mobile wallets” possible, is a security risk because retailers can’t control who is accessing their system. In the event a customer’s phone gets hacked, a virus could be easily injected into a retailer’s network by simply giving access to the NFC outfit. With mobile wallets like Apple Pay and LoopPay being built into smartphones, this hacking method will start to become more popular and prevalent for retailers.
The ubiquitous technology trend of BYOD gives non-corporate devices access to the company network. Although productivity is increased, all corporate networks, not just retail, are in danger of unprotected wireless devices allowed on the network. A proper BYOD strategy with the necessary security precautions in place can easily stop an unsuspecting employee from spreading malware to corporate computers.
Retailers are adopting many new devices that track customers throughout the store to provide the company with data and behavior analytics. As small computers, these devices also provide two things to hackers: more customer data and more ways to access the network.