
Retail Security: A Critical Need


By Keith Bird, Managing Director, Europe, SonicWALL.

The nature of Internet-based threats has changed. Attackers have more sophisticated weapons at their disposal, and the nature of the attacks themselves has shifted. Hackers armed with Trojans, spyware programs, keygrabbers, sniffers and other tools of Internet destruction seek out vulnerabilities, wreaking havoc not just for the thrill of destruction, but for the purpose of financial gain.

Famous bank robber Willie Sutton, when asked why he robbed banks, responded plainly, "because that's where the money is." The emergence of the Internet as an important tool of commerce would have today's Willie Suttons forsaking bank robbery for Internet thievery, because today, that's where the money is. Nowhere is this more evident than in the retail sector.

The Age of Retail Connectivity
Wireless technology has come of age in retail, but in order to take advantage of its benefits, strong security must be implemented.

The need to compete on a global scale causes price pressures on the retail scene, as does the transparency afforded consumers by the Internet. Forced by these competitive pressures, retailers must drive prices downward to stay in business. With price differentials decreasing rapidly and prices gravitating towards the bottom end of the scale on all fronts, retailers must do two things:

1. They must differentiate their business through means other than price. This means offering reassurances to customers that their personal information and transaction data are kept absolutely secure.

2. They must turn to Internet-based automation methods to become more efficient and drive a bottom-line advantage.

Internet connectivity has become pervasive at the retail level. Besides the fact that most brick-and-mortar retailers also have an online presence, networking across the physical stores and with headquarters also demands new technology. Most retailers are moving away from private-line frame relay networks to IP-based VPNs over low-cost broadband connections to connect stores, because of the enormous cost advantages.

Other areas where Internet technology has enabled the retail environment include:

Customer/partner portals. These portals allow customers and partners a great many conveniences. Customer portals could, for example, be built in such a way that when a customer logs in, a custom opening page greets the customer by name, and remembers details such as purchase history, shipping address, and other particulars. Similarly, partner portals may offer efficiencies that would allow suppliers to look directly into inventory systems to determine whether or not a given product should be shipped.

Wireless POS terminal applications. Wireless is revolutionising the retail environment with things like "line busting" applications, which let sales associates serve a customer waiting in line or on the sales floor. With this type of application, sales are rung up with a mobile device, and data is transmitted wirelessly to the cashier who processes the payment.

Supply chain automation and B2B exchanges. Efficiencies in the retail supply chain have come largely on the back of Internet technology, with VPNs and other connectivity tools giving supply partners an integrated connection into your supply chain. Similarly, procurement has changed to a much more dynamic model due to the presence of large-scale B2B exchanges, also conducted largely over the Internet.

Security risks in the retail environment are substantial. A vulnerability can cause a retailer embarrassment, not to mention losses to the bottom line due both to downtime resulting from the breach and to the loss of customers resulting from the negative publicity.

All of these retail applications, from the B2B exchange on the back end to the wireless POS on the front end, use the Internet as their very foundation, and are therefore vulnerable to all of the flaws, malware, and vulnerabilities every other Internet user faces every day.

Security recommendations
First of all, retail establishments should definitely take full advantage of all the technology available to them. Wireless POS technology, Internet credit clearing, and VPNs all bring competitive advantages that are not only useful, they have become an absolute necessity just to stay in business. But these new technologies must be deployed carefully, and with security built in from the very beginning.

Firewalls have become easier to administer, but despite claims of "plug and play," no firewall vendor can offer a device that works flawlessly without any set-up. And while some modern firewalls do have greater intelligence built in, that computer intelligence still requires at least a modicum of human intelligence behind it. Start by following common-sense best practices. A surprising number of breaches have occurred simply because a firewall was installed without changing the default configurations and passwords.

New retail POS terminals are often based on open systems, and are therefore subject to the same vulnerabilities as your desktop PC and corporate network. But in the retail environment, there's no room for downtime. Besides the firewall, this network must also be protected from other threats through integrated anti-virus and intrusion prevention systems. Similarly, web filtering must be part of the equation. Web filtering helps keep the workplace free from objectionable material, but it also helps keep it safe. Malware often comes in through rogue web sites, and many of these attacks could be prevented with URL filtering.

That said, good security that incorporates best practices, sound policy, education, and unified threat management (UTM) can make even the largest retail organisation secure from attack. You never know where your next threat will come from, or what it will be. A well-designed security policy that uses all the technology described here, along with user education and a UTM environment that enhances the firewall with tight integration to other services such as anti-virus, anti-spyware, intrusion prevention and content filtering, will provide more peace of mind for you and your customers.



    Copyright © 2006 Peter Yexley. All rights reserved.
