Fortinet Warns of Escalating Cyber Threats in Local Retail Sector

Posted on Sep 18, 2013 in THE LATEST | 0 comments

Sept 18, 2013 (Wed): The proliferation of Wi-Fi connected tablets for sales service personnel and in-store customer Wi-Fi access are fuelling the complexity of the security challenges for major retailers in Malaysia. According to a recent Fortinet report, retail remains among the top 3 industries to be targeted by cyber criminals, who are particularly aiming for vulnerabilities at the store level. Retail companies that suffer a security breach in which customer data is lost or stolen will have to deal with widespread negative publicity.

“The retail industry is fast becoming a major target for cybercriminals. For retailers with stores throughout Malaysia, secure network connectivity linking all sites to head office is critical to business operating processes. Given the squeeze of IT budgets, comprehensive and up-to-date security measures in store may not always be a priority. When the network is breached, IT services can become unavailable and data can be lost with serious consequences to the business,” said Dato’ Seri George Chang, Fortinet’s Vice President for Southeast Asia & Hong Kong.

He pointed out that retailers need cost-effective network security solutions in their stores to mitigate risk to their business and prevent the financial and reputational damage created by a data breach or lengthy system downtime. More importantly, they need to define a security strategy that address the key pillars of their distributed environment and ensure that their security infrastructure is not only robust, but scalable, easy to manage and cost-effective from kiosk to superstore.

“Securing the retail store network environment has never been more important than it is today. Advanced next generation security systems such as those from Fortinet enable retailers to secure multiple, geographically dispersed sites, systems and critical applications, such as inventory control and point-of-sale (POS). These next-generation security devices and virtual appliances are purpose-built to provide rapid deployment of essential advanced security technologies, along with the flexibility to scale with remote sites and growth plans,” said Eric Chan, Fortinet’s Regional Technical Director for Southeast Asia & Hong Kong.

To address today’s complex in-store security, Fortinet urged Malaysia’s retail industry to look into the following requirements to fortify their network security infrastructure:

1. Multi-threat security systems – Protecting against malware attacks that are equipped with advanced malicious threat technologies requires much stronger threat prevention techniques than those just looking for static viruses that match a signature.
2. High performance for excellent customer experience – With the increasing number of endpoints, applications and higher volumes of data, each in-store network must provide high-performance for continuous credit card processing and point of sale connectivity to maximize the customer experience and interaction. In order to maintain high throughput and reliability, the increasingly complex in-store network must have security solutions that don’t create any performance bottlenecks as they inspect and filter traffic for threats and malware. High performance and low latency of traffic flows is especially important during peak transaction periods.
3. In-depth defense for the in-store wireless LAN – Recently publicized data breaches in the retail industry have exploited vulnerabilities in store wireless networks. Attackers have been able to access sensitive applications regardless of security systems, such as firewalls and VPNs, back to head office or security measures in data centers. It is no longer staff, auditors and training contractors who visit stores and need to use their laptops or tablets to access corporate systems and data. In-store reps are also being provided with wireless tablets to increase interactivity with customers, while some retailers are looking to differentiate services with wireless kiosks, flexible wireless digital signage and customer access through their own devices. All this increases the security management headache with escalating endpoint and wireless security.
4. Adopting innovative in-store services – New applications and devices designed for multi-channel retailing in-store are promising to increase retail operations efficiency and drive revenue and customer loyalty. But if these advanced technologies need to be provided with security in mind, they also make the retail environment more vulnerable to threats. Support of cutting edge customer applications will become commonplace in the next 5 years – such as augmented reality applications used as customers move through the store and/or in-store Wi-Fi access to online systems and loyalty schemes.
5. PCI-DSS Compliance Support – With in-store networks carrying credit card transactions, PCI compliance requirements must be satisfied. Security monitoring and rogue detection are explicit requirements in the PCI standard, so it is imperative that Malaysian retailers are able to analyze user and device behaviour on the in-store network and respond to any threat. Event logging, analysis and reporting capabilities are essential to enable firms to demonstrate compliance with PCI-DSS and other regulations.