Advanced Threats: Should Retailers be Concerned? Part IBy: Secureworks
It's no surprise that advanced threats are a major concern for industries like financial services and healthcare. After all, they offer criminals potential access to millions of dollars as well as valuable patient and business data. But what about retailers? Should they be worried?
An advanced attack is one that can successfully evade most standard network and end-user detection and prevention methods. It typically uses a combination of existing techniques to create a more sophisticated threat that is harder to detect and prevent.
One threat affecting retailers that has become more advanced in recent years is Distributed Denial of Service attacks, or DDoS. Targeted DDoS attacks can take web applications offline and prevent legitimate customers from reaching the retailer's website. Ecommerce, which has seen phenomenal growth in the past year, is often a target for DDoS attacks, particularly during high-traffic periods such as the holidays. DDoS attacks may be used as a means to blackmail organizations, or to provide cover for intrusions into the organization's main network.
In some instances, criminals may use a combination of commodity threats, such as phishing emails and compromised websites that download malware onto customer or employee computers, which in turn steal retail customer data. In other cases, criminals may combine physical POS device tampering with credit card counterfeiting operations or use vulnerabilities in POS systems to hack into backend systems.
Advanced threats can also include Advanced Persistent Threats, or APT, now a widely-used term for an attack that targets a small number of organizations or even a single organization using different tactics until they are successful (thus the term "persistent"). Advanced Persistent Threat actors employ a methodical approach to target, penetrate and expand access across your entire network, including headquarters offices, ecommerce operations and other sales channels, to find and extract any information that might be valuable, whether for financial gain, competitive or political motivations or a combination of all of these.
A recent study from PricewaterhouseCoopers shows that APTs are definitely a concern for many retail executives. According to its 2012 Global State of Information Security Survey?, nearly half (43%) of the survey respondents said that APT concerns drive their organizations' security spending. However, an alarming 86% said their organizations' security policies do not address APT, nor do they have the capabilities and tools to combat it, such as penetration testing, advanced network traffic analysis, and centralized security information management processes.
What about your organization? Are you more concerned about advanced threats than you were a year ago? Are you confident your organization can recognize them and take proactive measure against them? Or do you believe that PCI DSS requirements offer sufficient protection?