Guest Blog by Charles Tendell
The retail sector has been targeted and damaged by high-profile cyber security incursions, resulting in a loss of customer confidence and a move by retailers to upgrade security measures in the constant battle against criminal hackers. Security threats exist at multiple points in the retail chain, from point-of-sale systems and online purchasing to employee access to sensitive information. It’s part of a dizzying trend: research by the Ponemon Institute shows that hackers have exposed the personal information of nearly half of all Americans in the past year.
One important tool retailers must implement is penetration testing: ongoing self-evaluation of systems, processes and policies in an effort to stay ahead of the curve. However, penetration testing is not enough to identify new threats ahead of time. Proactive threat intelligence is needed to fill the gaps in penetration testing and implement a truly dynamic and aggressive cyber security protocol. Companies often do not notice retail hacks until weeks or months after the intrusion, and the delay creates far more damage.
Proactive Threat Intelligence
Retailers should monitor the ‘deep web’ to identify problems before criminal hackers put them to use, such as point-of-sale malware, the latest in credit card skimming capabilities and a wide range of Trojan horses. Only by staying ahead of the curve on a constant basis can retailers have a chance to combat these and other nefarious activities. It’s similar to having a tornado warning; even a bit of notice can go a long way. Having time to understand each threat and prepare defenses is key.
This type of aggressive cyber security is not typically implemented by a traditional IT department. It is carried out by ethical hackers who work and lurk in the same places as criminal hackers, but use their knowledge to protect businesses and consumers instead of damaging them. Ethical hackers monitor and participate in message boards, chat rooms and other online sites, as well as hacking conferences, where the most current information on what’s coming next appears before techniques are used against businesses and consumers. This is how ethical hackers create the warning time needed to implement defenses.
It’s important for retailers to have an active program that searches for threats on a proactive basis, because hackers are always adjusting and updating tactics in the deep web.
Charles Tendell is a cyber security expert and founder of Azorian Cyber Security.