2018 Predictions & Recommendations: What Retailers Should be Thinking About and Planning for

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

 

cpr retail Blog 600x300

This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.


Overview

I see two big things in 2018 that the retail world should think about and plan for:

  1. Retail transactions will be processed on more insecure and unsecurable platforms than ever.
  2. The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.


Retail transactions will be processed on more insecure and unsecurable platforms than ever.

In the early days of electronic retail transactions, they were done on a single platform that was totally under the control of the retailer. When e-commerce began in the late 1990s, that scope expanded to include the retailer’s internal platform, its e-commerce platform and the platforms from which shoppers accessed those (Windows, or Mac).

Today, you literally can’t count the number of platforms involved in retail transactions. And as the number of platforms has exploded, so has the problem that many of these are inherently insecure and can’t be made secure. Whether it’s an online shopper using a Windows XP system, an in-store shopper using an old Google Android smartphone, or someone using a new, wearable IoT device with a built-in wallet (but no built-in security), the fact is that retail transactions now are being done on fundamentally insecure and unsecurable platforms. And the proliferation of new devices, combined with how older systems and devices become insecure and unsecurable over time, means this problem will get worse in 2018.


Recommendation:
Retailers need to adopt a Zero Trust architecture approach that reflects this reality. By realistically assuming that many of the platforms in the end-to-end transaction can’t be trusted, defenders can focus their prevention and protection efforts around what they can trust and defend.


The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.

Like I outlined in my recent retail Threat Brief: Unauthorized Coin Mining – A New Threat Facing Shoppers and Retailers This Holiday Season, we’ve seen a disruption in the threat space recently in the form of unauthorized coin mining attacks. These constitute a new class of attack, and they’re being driven by the surge in the prices of cryptocurrencies like bitcoin. We’re already seeing innovation around attacks focused on getting cryptocurrency into the hands of attackers.

If we look at ransomware as a guide, we saw an explosion in innovation and development as ransomware became an ever-more-lucrative area for attacks. I expect cryptocurrency attacks to follow suit.

The retail sector has acute exposure to these potential threats. The close relationship between retailers and online financial transactions, retailers’ strong presence as trusted internet sites, their trusted logos, and name recognition all make an environment that leaves retail particularly vulnerable to new attack in this area.

Whether it’s the risks of attackers trying to mine cryptocurrencies off popular shopping sites, trying to launder stolen cryptocurrencies through gift cards, or using online retailers’ names and logos as lures to cryptocurrency mining sites, retailers and their customers could be prime targets in this new threat environment.

The challenge is this: cryptocurrency theft and fraud are such new threats that we can’t fully scope them yet. That uncertainty makes this threat all the harder to mitigate. We are dealing with the worst kind of threat to assess: the “unknown unknown.”


Recommendation:

With a little-yet-understood new factor in the threat environment, the critical practice of keeping up to date on threat intelligence and the latest threat trends is even more important. Equally important is supporting and participating in information sharing programs so that new threat trends can be quickly identified and defenders can work together to counter these new threats more quickly.

Additionally, adopting a Zero Trust architecture approach can help focus prevention efforts on the things that can be controlled.

Finally, it’s critical to maintain a heightened security posture to react quickly as new classes of attacks emerge. In an environment like this, it’s not enough to simply be ready to deploy new technological countermeasures: prevention, in this case, may well require rethinking your security posture.

The post 2018 Predictions & Recommendations: What Retailers Should be Thinking About and Planning for appeared first on Palo Alto Networks Blog.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
64 Followers
About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.
Promoted Content
Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model
Ransomware, specifically cryptographic ransomware, has quickly become one of the greatest cyber threats facing organizations around the world. This criminal business model has proven to be highly effective in generating revenue for cyber criminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning across the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – everyone is a potential target. Ransomware has existed in various forms for decades, but in the last several years criminals have perfected the key components of these attacks. This has led to an explosion of new malware families and has drawn new actors into participating in these lucrative schemes.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel