Warning issued to retailers’ CISOs worldwide after three attacks in UK

Retail IT networks hard to secure

Traditionally, IT networks of retailers have been difficult to secure, said Robert Beggs, head of Canada-based DigitalDefence, an incident response firm. These chains are distributed entities with multiple data networks and applications that frequently contain legacy systems and have a mobile workforce, he noted. In addition, they handle large volumes of financial transactions and are very sensitive to any amount of network downtime. Combined, that makes them ideal targets for a cyber attack, he said.

There could be two factors in the recent UK attacks, Beggs said:

First, a group may be targeting UK retailers because they understand the business processes and target architectures (network, devices and servers, operation of PoS devices, security controls) common in that vertical. More importantly, he added, they may have identified and know how to implement a consistent social engineering attack that works particularly well with UK retailers.