2015 was a big year for data breaches. According to recent reports, approximately 780 million records were compromised over the course of 1,632 separate security incidents last year, with external actors, malicious insiders, hacktivists, nation-states and accidental loss all among the primary causes.
Government organizations were by far hackers’ favorite target, as we learned through the 22 million records compromised in the Office of Personnel Management (OPM) hack. Even so, other sectors, including financial services (Experian) and healthcare (Anthem Insurance), did not make it to year’s end untouched.
If last year’s figures have anything to teach us, it is that the threat of a breach looms over each organization where customer data is stored, handled, or processed. This fact remains true across every industry vertical.
All organizations need to take their data security seriously, a focus which should include investing in a skilled team of security professionals who can help protect company systems against malware and emerging threats.
However, that’s not to say that every sector faces the same threats. Healthcare organizations are responsible for protecting customers’ medical and financial information, whereas industrial enterprises need to concern themselves with safeguarding the Industrial Internet of Things (IIoT).
With these unique challenges in mind, we are pleased to announce a new series in which we provide information security professionals with resources that are relevant to the industry vertical in which they work. We begin our series with the retail vertical.
Conferences and Summits
Conferences allow infosec professionals to further their learning and to make valuable connections in their field. Here are some upcoming events where personnel in the retail industry can deepen their appreciation for IT security.
The Retail Cyber Intelligence Summit 2016
When: April 25-26, 2016
Where: Chicago, Illinois
The Retail Cyber Intelligence Summit 2016 is a private, two-day event that will bring together top information security leaders and teams representing the most prominent retail and consumer services organizations from throughout North America.
The Summit features a Retail Cyber Intelligence Sharing Center (R-CISC) member-driven agenda that includes sessions delivered by prominent thought leaders, experts from the provider community, collaborative workshops, cybersecurity exercises, and networking opportunities.
R-CISC emerged from RILA.org, in conjunction with NRF, to help retail organizations protect against the evolving cyber threats. Core to this support is the sharing of actionable threat information, as well as education and research.
Dwayne Melançon, Chief Technology Officer at Tripwire, will speak on “Restoring Trust After a Breach” at this summit. While many retail organizations employ various preventive measures to reduce the risk of data breaches, even the most prepared establishments are still at risk. According to a survey conducted by the Ponemon Institute and sponsored by Arbor Networks, it takes retailers an average of 197 days to detect a breach. The moments following a breach are crucial; organizations must move quickly to identify the extent of the compromise as well as which systems can still be trusted. This session will give insight into how IT professionals can restore affected systems after a data breach.
Gartner Security & Risk Management Summit
When: June 13-16 2016
Where: National Harbor, MD
Gartner Security & Risk Management Summit is a four-day conference for IT security management hosted by Gartner, a high-caliber industry analyst organization that shares its insights on IT security. Though not exclusive to the retail industry, this summit will bring CISOs and others together to learn proven practices and strategies that help organizations reduce cyber risk while driving more retail business. Tripwire will be there along with many of our Tripwire technology partners.
Beyond the Point of Sale: Six Steps to Stronger Retail Security, SANS Institute InfoSec Reading Room, 2015. (PDF)
This paper is sponsored by Palo Alto Networks and offers six helpful steps to block threats: network segmentation, role-based access controls, application control & exploit prevention, continual monitoring of the entire IT infrastructure for suspicious behavior, and automated response to quickly block attacks.
451 Research: Tripwire Rings Up POS Threat Protection for the Besieged Retail Industry
In this paper, 451 Research examines the POS threat landscape and why it is such a frequent attack vector. An in-depth review of solutions for POS protection is offered. Tripwire is part of this review along with a fair collection of others.
Cybersecurity challenges in an interconnected world: Key findings from The Global State of Information Security Survey 2015 – Retail and consumer, PwC, 2015. (PDF)
This research describes the state of affairs for retail cyber security. The general trends it identifies are more security incidents and less investment in IT security.
Retail Risk Reality 2016: The New Year’s New Vulnerabilities, IBM, 2016. (PDF)
This is a great article on the potential cyber risk areas for retailers. It offers information on current threats and tactics to watch for in 2016.
Slava Gomzin, Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions (Hoboken: Wiley, 2014). (Amazon)
For anyone who needs to secure payment data, this is a must-read. It offers insight into how a hacker thinks about hacking a retailer and what you should consider to protect against an intrusion.
Modern Retail Security Risks: Avoiding Catastrophic Data Breaches in the Retail Industry (Ann Arbor: Duo Security, 2014). (Duo Security)
This guide is a little dated, but it is still helpful in that it highlights key concerns and considerations a retailer should take into account for cyber security.
Webinars are a useful resource for infosec professionals. They are commonly recorded, allowing personnel to refer back to them whenever they need to do so, and in real-time, they allow attendees to pose questions to leading security experts in the field. Here are just a few webcasts that retail infosec pros might find useful.
“Retail Cyber Threat Summit: Insights and Strategies from Industry Experts,” Tripwire, 2015. (Watch here.)
This webinar summit is well worth hearing for professionals in retail cyber security. You will gain key insight and guidance on how to defend against retail breaches.
“Retail Security: Closing the Threat Gap,” Tripwire, 2014. (Watch here.)
Here you can learn more about the retail threat landscape from industry experts. More importantly, you can learn what to do to mitigate potential threats in your organization.
Finally, we have a few LinkedIn groups that infosec professionals working in the retail industry can join so that they can share ideas and connect with other like-minded individuals.
- Retail IT & E-Commerce
- eCommerce Executive Network
- Retail ICT Infrastructure
- ASIS Retail Loss Prevention Council
- Point of Sale Network
- PCI SSC Community Meetings
There is also a special cyber security initiative from the Retail Industry Leaders Association (RILA).
Are you an information security professional in the retail field? Do you rely on a resource that is not covered above? If so, please let us know in the comments.
In the meantime, please stay tuned for the next installment in our series when we tackle resources available to healthcare infosec pros.
Title image courtesy of ShutterStock