February 26, 2014, 5:23 PM

What online retailers can learn from breaches at Target and other retailers

Even retailers without store payment systems, the entry point for criminals who hacked Target, Neiman Marcus and other retailers recently, are at risk, a security expert says. Any business with a network is vulnerable to similar attacks, he says.

You may not have a brick-and-mortar location full of point-of-sale systems, but that doesn’t mean the cyber threats that got the best of Target, Neiman Marcus and Michaels don’t apply to e-commerce. In fact, online-only retailers are just as susceptible to the devastating data breaches that are increasingly targeting retail locations.

The reason is that these are not just point-of-sale breaches—these are coordinated network attacks, designed to breach a company’s primary network. The POS infections are one tactical element of stealing the customer data, but ultimately this is a story about vulnerable networks. If you have a network, you’re vulnerable to similar attacks—it’s not about the POS, it’s about accessing customer data through any means necessary.

Recent forensic investigations found that the hackers who stole 40 million credit and debit card numbers from Target appear to have breached the discounter's systems by using electronic credentials stolen from a vendor. In this case, a POS system was found to be the endpoint device that was compromised, but once the attacker got inside using the stolen credentials, they were able to wreak havoc on the network.

What kind of endpoints do e-commerce retailers have?

They have the same endpoints as any other business. Amazon is an e-commerce company with thousands of employees. Are those employees using their own devices at work? Are they using company-issued devices? Internet retailers use the same PCs, laptops, phones, printers, inventory management equipment and mobile devices as any other company. All of these IP-enabled devices are connected to the corporate network—meaning that if any one of these devices is compromised, the entire network is in danger. Each employee (or connected) device expands a business’s attack surface exponentially.

So what’s the key to protecting your network and your brand?

The first step any business needs to take is gaining visibility of everything on the network. If you look at the majority of recent breaches impacting retailers of every size, the primary common denominator is that the attackers were able to gain access to the network via a compromised endpoint device.

If you have employees, and they use a computing device, there is a very high probability that at some point one of them is going to click on a phishing e-mail or visit a website that will infect an endpoint device. It’s the reality of the cyber-world we conduct business in.

This is why network visibility is so critical. If you do not know every device, every user or everything with an IP address that’s on your network, how are you going to remove it when there’s an infection?

This level of visibility provides the information needed to take quick action, like specific location and user information, so that when infected devices are discovered they can be removed from the network immediately.

Recent retail breaches provide a good example of what visibility of every device on the network can do for your security approach.  According to reports, the attackers built a repository on the network where they were storing customer information, before exporting it from the network.  The information was being sent directly from the POS system to the new repository. All this behavior should have immediately been flagged as unusual and potentially malicious, and all infected machines should have been immediately identified and taken off the network.  However, this activity was a blind spot and was not discovered for weeks.
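
The pattern described above (POS devices sending data to a new internal repository, which then sends data out of the network) can be checked by comparing observed traffic against a device inventory and a per-role baseline. The following is an added example, not part of the original article; the inventory, baseline, addresses and flow records are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inventory: every known device on the network and its role.
INVENTORY = {
    "10.1.0.11": "pos",
    "10.1.0.12": "pos",
    "10.2.0.5": "payment-gateway",
    "10.3.0.20": "file-server",
}
# Constructed baseline: the destinations each role normally talks to.
BASELINE = {"pos": {"10.2.0.5"}, "payment-gateway": set(), "file-server": set()}
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow records in time order: (source, destination, bytes).
FLOWS = [
    ("10.1.0.11", "10.2.0.5", 4200),
    ("10.1.0.12", "10.2.0.5", 3900),
    ("10.1.0.11", "10.3.0.20", 88000),
    ("10.1.0.12", "10.3.0.20", 91000),
    ("10.3.0.20", "203.0.113.40", 175000),
    ("10.4.0.99", "10.2.0.5", 600),
]

def review_flows(flows, inventory=INVENTORY, baseline=BASELINE):
    """Return (finding, source, destination, bytes) for every off-baseline flow."""
    findings = []
    staging = defaultdict(set)  # internal host -> POS devices newly sending to it
    for src, dst, nbytes in flows:
        role = inventory.get(src)
        if role is None:
            # A device nobody inventoried is the blind spot itself.
            findings.append(("unknown-device", src, dst, nbytes))
        elif dst in baseline.get(role, set()):
            continue  # expected traffic for this role
        elif ip_address(dst) in INTERNAL:
            if role == "pos":
                staging[dst].add(src)
            findings.append(("new-internal-destination", src, dst, nbytes))
        elif src in staging:
            # A host that POS devices just started feeding is now sending data out.
            findings.append(("staging-host-export", src, dst, nbytes))
        else:
            findings.append(("new-external-destination", src, dst, nbytes))
    return findings

if __name__ == "__main__":
    for finding in review_flows(FLOWS):
        print(*finding)
```

Each finding carries the source address, which is the location information needed to pull the device off the network.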

Like any business, Internet retailers need to take a new view of the attack landscape and threats facing their businesses. Motivated hackers will find a way onto your network; the attack surface is simply too large to keep everyone out. This is why you need to start by gaining visibility of everything on your network, in coordination with existing security solutions, to effectively protect cardholder networks and data.

Bradford Networks is a provider of network security technology.
