A blueprint for keeping retail safe and secure

Ransomware is currently rated as one of the biggest threats to the IT systems of companies andorganisations, according to thePresident of the German Federal Office for Information Security.How big is the issue?The GermanIT industry association Bitkomsays thatcyberattacks including ransomware have resultedin damages of approximately 223 billionEurosin 2020/2021.

One industry sectorbeing hit particularly hard isretail.According to newglobalresearch,ransomware attacks on the retail sectorgrew by183%between the first two quarters of 2021.This includes an attack onGerman clothes retailer Waschbar,which not only forcedthe shutdownofits email system but also itsonline and telephone order processingsystems.Naturally, theseincidentshave retailersconcernedas they work tirelessly to address growing supply chain issues and labor shortagesandprepare for asuccessful2021 holiday season.

The retail industry is in a critical state 

Retailers are embracing new innovations to increase efficiency and deliver superior customer experiences. But what many don’t realize is this—many of these innovations are introducing new, attractive targets for cybercriminals.

These include:

• Digital Transformation: Retailbusinesseshavebeen at the forefront of digital transformation,which includesthe growing use of contactless transaction technology and mobile apps.These businesses are alsobeginningto deploy internet of things (IoT) technology—currently, 80 percent plan to adopt or are currently adoptingIoT technology,includinginnovations such asenvironment monitoring, in-store navigation, cloud-connected kiosks, anddigital signage.Each of these has significantly expanded the attacked surface.
• Retail Automation:All retailers are looking toincrease efficiencyand many are turning toretail automationto deliver.Someexamples in play today includeself-checkouts,warehouse robots,wireless shipment devices,andautomated inventory management systems, each of which adds new vulnerabilitiesthatcriminals are looking to exploit.
• Point ofSale (POS)Solutions:Retailers are usingPOSsolutionstogather a variety of data including credit card numbers and personal identification numbers (PIN) fortrillionsof transactions every day, all of which are gold to today’s criminals.
• Supply Chain: In what seems like the blink of an eye, the supply chain has become a top target for cybercriminals. The European Union forecaststhere will be four times more software supply chain attacks in 2021 than there were in 2020.One reason for thissuccess is that62 percent of attacksareexploitingapresumed trust and confidence that retailers havein theirsupply chain. With retailers counting on their supply chains for inventory management, order fulfillment, and software management, the risk of exposure will only continue to grow.
• Insider Threat: Today 38 percent of ransomware attacks in retail are the result of insider threats and as an industry subject to higher turnover rates thanothers, the threat of continued incidents is significant. This vulnerability isfurtherexacerbated by a dependency on seasonal employees and larger distribution centers.

While retailers continue to evolve and grow increasingly more aware of thesevulnerabilities, ransomware gangsare not standingidle. They fully recognize the opportunities that exist today and are actively targeting them now—in fact, many retailers have likely been comprised already and just don’t knowityet. 

RetailAttack Surface Blueprint 

With escalating threats and increasing vulnerabilities, prevention is no longer enough.Just asretailersroutinely offer discounts and incentives to help drive sales,they must also implement aransomware routinethatproactively looksfor hidden threats. This is where ForeNova’s Attack Surface Blueprint, delivered by NovaCommand, comesin.  

The attack surface blueprint helpsbusinesses, across all industries, avoid becoming the next victim by seeing what the criminals see. It provides a complete view of an organization's IT landscape, including the most common exposures - and easy targets for cybercriminals. 

Built byForeNova’steam of ransomware experts, using data gathered from thousands of enterprises, ransomware attacks, and undetected threats, attack surface blueprintsgiveretail security professionals the intel required to move quickly and confidently in responding to threats. With visibility into your ‘attack surface,’ you can start to fight back–and beat ransomware gangs at their own game using the Network Detection and Response (NDR) solution,NovaCommand. 

Network Detection and Response 

 Through a combination of machine learning, advanced analytics, and rule-based detection, NovaCommand eliminates blind spots in the network to quickly mitigate threats.

NovaCommandisa complete NDR offering,providingretailerswith deep network visibility into on-premise and cloud environments. Using ML to model the normal behavior of network traffic, NovaCommandis able toquickly identify abnormalitiesandthen eliminate false positives. This allows teamsto focusall their effortson suspicious network traffic and activities that may represent a cyberattack. These techniques include signature analysis, malware detection,sandboxing, indicators analysis, email security, web security, machine learning, AI, deception, and asset risk analysis.

 Whendetected, NovaCommand prioritizes the threat and triggers the correct response actions. These response actionscan be manual or automatedand areenabled through tightintegration with firewall vendors, endpoint protection vendors, and other security products like network access control solutions. Response actions can block ports, trigger an endpoint scan or block a port on a physical switch. NovaCommand also provides incident responders with the tools they need to make risk-based decisions and mitigate attacks in near real-time.

There’s no doubt that the threat posed by ransomware is significant and growing. But all is not lost. Through aproactive security postureandautomated threat response, retailers canuncover hidden and unknown threatsto quicklyclose security gaps and greatly reduce strain on internal resources.The reality for all industries is thatwe can’t stopransomware,but wecanprotectorganisationsfromthesenew and persistent cyber threats.