COMMENT FROM TREY FORD, GLOBAL SECURITY STRATEGIST, RAPID7.

As we enter the Christmas shopping season, many retail organisations go into a “production freeze” where they halt updates and configuration changes in their payment and order fulfillment systems to limit the risk of interruption and slowdowns to mission critical systems. IT teams and security folks are scrambling to test and lock in configurations, verify controls, and plead to their respective deities that systems perform exactly as intended during the shopping rush.

This creates a particularly interesting situation: there will be very little in the way of updates to those systems over the next 90 days. Any steps to prevent an incident – that would make an organisation a harder (or more expensive) target for criminals — are now on hold until after the holiday rush.

Think of this in terms of the security lifecycle: Prevent, Detect, Correct – it’s also a good way to simplify the NIST cyber security framework1,2 from this point forward, energy investment should shift from prevent, to detect and correct.

Attackers already inside an organisation will stay quiet until the time is right, as they will see more credit cards in the next couple of weeks than the next six months combined.

 Stay Updated To Save Money & Time. Join Our Free Newsletter 
. Indepth Analysis & Opinion       . Interviews      . Exclusive Reports  
. Free Digital Magazines      News & updates      . Event Invitations 
                     
& Much More Delivered To Your Inbox For Free.
Submit
We Will Not Spam, Rent, or Sell Your Information.
All emails include an unsubscribe link. You may opt-out at any time. See our privacy policy.

 

How organisations can prepare for the days ahead

  • Check all third party access and remote access pathways into payment networks. Change passwords and lock out vendors that do not need access right now.
  • Be 100% confidant that payment networks do not have access to the internet, on any protocol, in any way. Some systems do online payment clearance and settlement – makes sure those systems can only talk to specified host names or addresses on defined ports.
  • Double and triple check network restrictions and segmentation, make sure guests and contractors cannot find a path into the payment networks.
  • Some organisations have enough similarity in their systems (like point of sale registers and kiosks) they can compare live systems to “known good” configurations – look for anomalies.
  • Carefully observe account behaviour. Monitor for and immediately investigate out of character behaviour and login events from unexpected locations, especially in sanitized zones like payment networks, web, and database systems.
  • Increase your visibility through information sharing. There are groups like the R-CISC where retailers are safely sharing information and actively identifying attacker tools and techniques, as well as tips on how to identify if they have a foothold in your environment.3

 Stay Updated To Save Money & Time. Join Our Free Newsletter 
. Indepth Analysis & Opinion       . Interviews      . Exclusive Reports  
. Free Digital Magazines      News & updates      . Event Invitations 
                     
& Much More Delivered To Your Inbox For Free.
Submit
We Will Not Spam, Rent, or Sell Your Information.
All emails include an unsubscribe link. You may opt-out at any time. See our privacy policy.

 
Close
Stay Updated To Save Money & Time. Join Our Free Newsletter. 
. Indepth Analysis & Opinion       Interviews          . Exclusive Reports 
. Free Digital Magazines        . News & updates        . Event Invitations
& Much More Delivered To Your Inbox For Free. 
Submit
We Will Not Spam, Rent, or Sell Your Information.
All emails include an unsubscribe link. You may opt-out at any time. See our privacy policy.
 
Close