By: Maureen Gray and Mark Hoffman of Blue Ridge Networks
Now that we are more than six months into 2020, we’re getting a clearer sense of how the cybersecurity landscape has been affected. Throughout the pandemic, we’ve seen a steady increase in the volume of both successful and attempted cyberattacks. In the past six months, cyberattacks have been more tactical and targeted than ever. As a result, they’ve had a greater success rate and a devastating impact on countless businesses worldwide. The retail industry has been hit particularly hard during the coronavirus pandemic. Having closed their doors to comply with social distancing mandates, businesses have become a high-priority cyberattack target yet again as they reopen. The majority of these attacks were on devices that were not effectively segmented from the network, giving malicious actors the ability to move laterally through an otherwise secure infrastructure.
By integrating e-commerce platforms into back-end systems such as inventory, payment, and data networks, retailers have created a significant opportunity for a breach. Physical stores present cybersecurity challenges of their own, with both telecom and endpoint security solutions introducing new endpoints that may be compromised. The new and evolving tactics used by hackers have made many legacy security solutions ineffective in protecting against an attack, even if they are compliant with industry regulations.
According to the 2019 Thales Data Threat Report, 62% of U.S. retail survey respondents reported a breach in their history, 96% use sensitive data on digitally transformative technologies, and only 36% use data encryption within their environment. As payment security breaches have increased throughout the years, retailers are faced with an increased number of controls required by the PCI DSS and an increased fine for noncompliance. Yet even PCI-compliant organizations are still experiencing breaches. With the cost and complexity of deploying traditional IT solutions across disparate remote stores, it becomes extremely challenging to ensure all controls are in effect.
Our case study tells the story of how a major retailer segmented and secured its networks and POS devices, while maintaining connectivity and uptime for its 220 remote stores. In doing so, the retailer reduced CapEx and OpEx by 50% through PCI network simplification, completed PCI audits 60% faster without additional IT staff, and reduced attack surface by 90% through cloaking, network isolation, and encryption. All this for an affordable fixed cost per store. You can find more stats and learn more by reading the full Retail Case Study.