A wildly-successful import from the US, Black Friday has torn up the rule book for UK retail, delivering a lucrative kick-start to many firms’ pre-Christmas shopping calendars.
But as online retail security breaches become regular events, it’s clear that there’s something unpleasant lurking deep in the heart of British retailers’ networks, waiting to wreak havoc on the long-awaited date of November 25th – or even before.
It’s like the sci-fi movie Alien, where a foreign body escapes from crew member John Hurt’s chest, unleashing mayhem in the spacecraft’s murky corridors. This scene comes to mind because as shoppers piled online in 2015, retailers happily shrugged off crashing websites, yet still achieved record takings. But the conditions for unseen and unknown threats to settle deep in IT networks and unleash havoc in the future were all in place.
Since today’s digital attackers show extraordinary sophistication, long-term planning and guile, retail executives can no longer afford to treat Black Friday security in isolation: threats are burrowing inside company networks every time the network is busy. Peak demand events give criminals cover to introduce malware onto networks – or carry out exploits such as harvesting consumers’ personal details using malware dropped on the network months before. Just as the alien lurked in John Hurt’s body for months before the famous ‘chestburster’ scene, so the hackers of US stores Wendy’s and Yahoo downloaded millions of records weeks after infecting the stores’ IT infrastructures. Telco Verizon estimates that network threats lie undiscovered for 207 days on average while a British Retail Consortium study found that most cases of UK retail fraud are committed online.
To avoid a John Hurt-style fate this year, UK retailers need to stop assuming that continual security measures are from another planet. They need to safeguard the heart of their networks, as well as the so-called perimeter. So how can they repel cyber-attacks when facing daily competition and the demands of omnichannel?
Get inside the network
Businesses accept that armies of botnet computers can take down a website; retail executives have to harness their own computing resources in a benevolent way, on a correspondingly gigantic scale, to neutralise threats inside their networks. This can be achieved based on innovations including:
- Data-analytics and machine-learning to embed security systems
- Automated threat management
- Behavioural attack detection resources.
These next generation tools help retailers manage the huge task of examining threats hidden in IT infrastructures amid soaring traffic. CIOs can use automated systems to review data crossing their networks even in these conditions - detecting threats that even recently-released proprietary security solutions can no longer identify.
The new technologies that are looking at automated and behavioural threat detection break new ground in identifying these threats within the network. This is because they are bridging the gap between the firewall and the security information and event management (SIEM), and can monitor network east to west traffic far more efficiently than human-led interventions. For instance, a retailer running a SIEM system may indeed identify threats on the network from the logs, but just applying the system isn’t enough. To truly combat the security breach, the retailer needs to look at the packets within the network that is able to provide early warning in determining factors such as whether the attack was isolated, what was altered in the attack and how it entered the network; and without artificial intelligence they would have to do this manually.
Retail IT teams will also need to determine malware behaviour patterns and plot how such attacks will play out in the future using tools such as cognitive algorithms; this innovation is an intelligent way to fight off hackers’ zero-day threats that exploit corporate system vulnerabilities that are still unknown to their IT team.
Most of all, retail executives need to build a flexible security posture and practical measures that constantly evolve - just as criminal threats do. And when an IT team does enact a mix of machine learning and artificial intelligence resources to number-crunch the mass of network traffic on 25th November, boards might be pleasantly surprised to learn that these tools can be hooked up to their company network by a simple local network connection.
Roll out the security fabric
While high-profile breaches like Tesco Bank prompt retailers to update network security, beefing up security by implementing security offerings from different vendors is complicated. Such an approach can mean that retailers end up with a patched-up network where threat detection elements don’t complement each other, exposing the networks to an unacceptable level of risk.
The security fabric is an underlying system that enables you to move the right data packets to the right security analytics tools, faster, enabling better performance and efficiency of an integrated and varied security infrastructure.
Bolster endpoint security
But retailers can’t simply shift resources to beef up security inside their networks. Given today’s federated supply and device-enabled workforces, they still need to upgrade their endpoint security requirements too.
The rise of the Internet of Things (IoT), with sensors embedded in logistics systems and components, deliver a further level of data insights to IT teams, but also deliver a fresh layer of network end points for criminals to attack. And, always seeking to boost responsiveness, UK retail has sanctioned entire workforces such as in-store and delivery personnel using mobile devices or bring your own devices (BYOD) policies to better connect shop floor operations. But network-based devices create new opportunities for criminals and hackers to enter company networks unless locked down.
The Next Generation of Endpoint protection technologies enable IT teams to identify and stop advanced endpoint attacks and protect the infrastructure from internal users by using automated processes and behavioural insights on scales never previously seen. These tools, now available as either enterprise applications or managed services, enable retail CIOs to view and control suspicious behaviours as never before, and see that they are being stopped.
Find the threat within
Black Friday is UK retail’s prime opportunity to kick-start sales. But while retailers are willing to invest in online transactions they also need to accept that continual network security measures are no longer an idea from another planet.
Executives will want to avoid the fate of the ship’s captain in Alien - who failed to spot that John Hurt’s painful threat from within was much more than a stomach upset, with his crew suffering untold difficulties ever after.
Marc Sollars, CTO at Teneo
Image source: Shutterstock/hywards