Cyber Monday: Golden Rules For Big Businesses, Small Businesses And Individuals


November 28, 2011 01:00 PM

Cyber crime has shifted in recent years from financial or informational hacks to vigilante hacktivism. Today’s hackers might break into a secure system or launch a DDoS attack for traditional reasons, but more than ever, attacks against businesses that didn’t behave within the hackers’ sets of ideals are becoming commonplace. The last month of the year is when most businesses rake in the majority of their revenue, which makes it the period in which they are most vulnerable to attack. For anyone who wants to put a dent in a company’s bottom line, now is the time to strike. Enterprises can stay protected with these golden rules from Ron Meyran, director of security product at Radware.

Golden rules for large retailers

1. Assess business risks. It is essential for businesses to understand what would provide the most risk to the company. A data breach? Web defacement? Service degradation? Service shut down? Prepare for the worst-case scenario.

2. Assess your enemies. Competitors may want a business down, and financially motivated criminals might seek its customers. Well-known companies, or those affiliated with the copyright industry (e.g. movies, publishing), are at risk from hacktivist groups, like Anonymous, at any time.

3. Deploy DDoS protection solutions. DDoS is a growing threat that can no longer be ignored. Downtime due to a DDoS attack may not only cost lost revenue but also damage a business’ reputation. There are service providers that offer network DDoS protection, but companies also need to fight application DDoS. Investing in security tools and expertise is a critical step to keeping a business healthy.

4. Know users. Deploy a Network Behavioral Analysis (NBA) tool to monitor exactly what types of information users are sending and receiving, and to whom. Set up access restrictions to protect confidential information such as team sheets, player fitness details and equipment designs.

5. Deploy a network wide security management tool. Use this to correlate event logs from all security tools. Attackers get sophisticated; they use multiple attack vectors to breach and abuse your systems. You must maintain your ability to be on top of every suspicious activity.

6. Rethink perimeter security. Mitigating today’s network and application attacks can no longer rely on traditional network security protection tools. Vendors offer IPS solutions or DoS mitigation solutions – all are point solutions that rely on a deterministic or statistical approach. Fighting emerging network threats requires adopting a holistic approach that combines traditional security tools with network behavioral analysis tools.

Golden rules for small to medium retailers

1. Maintain up-to-date systems. This includes all available software patches and updates. Small businesses need to install the latest general acceptance software versions on their equipment.

2. Deploy a network-wide security management tool. Correlate event logs from all security tools in a centralized location. Attackers get sophisticated; they use multiple attack vectors to breach and abuse systems. Businesses must maintain the ability to be ahead of suspicious activity.

3. Separate internal and external application servers. The ecommerce application is a critical application and should be the most secured. There is no reason to place the mail servers on the same segment, as it opens another port for hacking into systems. Separating them will help prevent a hacker who compromises an external server from getting automatic access to internal data.

4. Educate customers. Businesses can keep customers savvy by ensuring that all promotional content comes from the same mail address they know, and by repeating in all mailings that the business would never ask for personal information.

5. Compliance does not always assure security. Being compliant may cover retailers in case of a security breach, but the main objective is to avoid the next breach. By using compliance tools to mold best practices, companies can remain secured.

Golden rules for shoppers

1. Be suspicious. If an offer seems too good to be true, then it is.

2. Be suspicious. Got a promotional email? Don’t click the embedded links. Go to the online retailer web site and look for the promoted goods there. Can’t find it? It’s probably a scam.

3. Be suspicious. Never provide account credentials unless it is through actively accessing an account. Phishing emails are more authentic looking than ever. Even if an email’s logo and imagery are identical to a company’s, companies will almost never ask for personal information.

4. Maintain an updated and secure computing environment. Get a genuine copy of Microsoft Windows and install a paid antivirus. Running a non-genuine copy of an operating system doesn’t provide the security updates and software patches which are critical to keep systems up-to-date against emerging threats. Additionally, free anti-virus software is at best outdated, if not the virus itself!
