February 26, 2014, 5:23 PM

What online retailers can learn from breaches at Target and other retailers

Even retailers without store payment systems, the entry point for criminals who hacked Target, Neiman Marcus and other retailers recently, are at risk, a security expert says. Any business with a network is vulnerable to similar attacks, he says.

You may not have a brick-and-mortar location full of point-of-sale systems, but that doesn’t mean the cyber threats that got the best of Target, Neiman Marcus and Michaels don’t apply to e-commerce. In fact, online-only retailers are just as susceptible to the devastating data breaches that are increasingly targeting retail locations.

The reason is that these are not just point-of-sale breaches—these are coordinated network attacks, designed to breach a company’s primary network. The POS infections are one tactical element of stealing the customer data, but ultimately this is a story about vulnerable networks. If you have a network, you’re vulnerable to similar attacks—it’s not about the POS, it’s about accessing customer data through any means necessary.

Recent forensic investigations found that the hackers who stole 40 million credit and debit card numbers from Target appear to have breached the discounter's systems by using electronic credentials stolen from a vendor. In this case, a POS system was found to be the endpoint device that was compromised, but once the attacker got inside using the stolen credentials, they were able to wreak havoc on the network.

What kind of endpoints do e-commerce retailers have?

They have the same endpoints as any other business. Amazon is an e-commerce company with thousands of employees. Are those employees using their own devices at work? Are they using company-issued devices? Internet retailers use the same PCs, laptops, phones, printers, inventory management equipment and mobile devices as any other company. All of these IP-enabled devices are connected to the corporate network—meaning that if any one of these devices is compromised, the entire network is in danger. Each employee (or connected) device expands a business’s attack surface exponentially.

So what’s the key to protecting your network and your brand?

The first step any business needs to take is gaining visibility of everything on the network.  If you look at the majority of recent breaches impacting retailers of every size, the primary common denominator is that the attackers were able to gain access to the network via a compromised end-point device. 

If you have employees, and they use a computing device, there is a very high probability that at some point one of them is going to click on a phishing e-mail, or visit a web site that will infect an end-point device. It’s the reality of the cyber-world we conduct business in.

This is why network visibility is so critical. If you do not know every device, every user or everything with an IP address that’s on your network, how are you going to remove it when there’s an infection?

This level of visibility provides the information needed to take quick action, like specific location and user information, so that when infected devices are discovered they can be removed from the network immediately.

Recent retail breaches provide a good example of what visibility of every device on the network can do for your security approach.  According to reports, the attackers built a repository on the network where they were storing customer information, before exporting it from the network.  The information was being sent directly from the POS system to the new repository. All this behavior should have immediately been flagged as unusual and potentially malicious, and all infected machines should have been immediately identified and taken off the network.  However, this activity was a blind spot and was not discovered for weeks.
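The kind of check described above can be sketched as detection logic over flow records. This is an added example, not code from the article or from any vendor product; the inventory, the 10.0.0.0/8 internal range, the allowed-peer policy and the flow records are all constructed for illustration.

```python
import csv
import io
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range

# Constructed inventory: every known device with its role, user and location.
INVENTORY = {
    "10.1.0.11": ("pos", "store-12", "lane 1"),
    "10.1.0.12": ("pos", "store-12", "lane 2"),
    "10.2.0.5": ("payment-gateway", "payments", "dc-1"),
    "10.3.0.40": ("workstation", "jdoe", "hq-3f"),
}
POS_ALLOWED_ROLES = {"payment-gateway"}  # assumed policy for POS traffic

# Constructed flow records: time, source, destination, bytes sent.
FLOWS = """\
09:00,10.1.0.11,10.2.0.5,4200
09:01,10.1.0.12,10.2.0.5,3900
09:05,10.1.0.11,10.3.0.77,51000
09:06,10.1.0.12,10.3.0.77,48000
09:30,10.3.0.40,203.0.113.20,900
23:10,10.3.0.77,203.0.113.9,2500000
"""

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def where(ip):
    dev = INVENTORY.get(ip)
    return f"{dev[1]}/{dev[2]}" if dev else "not in inventory"

def role(ip):
    return INVENTORY.get(ip, (None,))[0]

def analyze(flow_text):
    """Return alerts as (time, kind, host_to_isolate, where, peer)."""
    alerts, unknown_seen, staging = [], set(), set()
    for ts, src, dst, _nbytes in csv.reader(io.StringIO(flow_text)):
        for ip, peer in ((src, dst), (dst, src)):
            if is_internal(ip) and ip not in INVENTORY and ip not in unknown_seen:
                unknown_seen.add(ip)
                alerts.append((ts, "unknown-device", ip, where(ip), peer))
        # A POS terminal sending anywhere but its approved peers is abnormal,
        # and whatever receives that data is treated as a possible staging host.
        if role(src) == "pos" and role(dst) not in POS_ALLOWED_ROLES:
            alerts.append((ts, "pos-unexpected-peer", src, where(src), dst))
            staging.add(dst)
        # Data leaving the network from a host that collected POS traffic.
        if src in staging and not is_internal(dst):
            alerts.append((ts, "staging-host-export", src, where(src), dst))
    return alerts
```

Each alert names the host to pull from the network and, where the inventory knows it, the user and location needed to find it.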

Like any business, Internet retailers need to take a new view of the attack landscape and threats facing their businesses. Motivated hackers will find a way onto your network; the attack surface is simply too large to keep everyone out. This is why you need to start by gaining visibility of everything on your network, in coordination with existing security solutions, to effectively protect cardholder networks and data.

Bradford Networks is a provider of network security technology.
