Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

How to Stay One Step Ahead of Retail Hackers

They are glorified in Hollywood as unbeatable masterminds, and ubiquitous in real-world headlines for bringing down household retail brands. No one doubts that hackers are the smart guys, but are they the smartest? Perhaps the better question is: Is it even possible to stay one step ahead of them in the fight against cybercrime?

It's a no-brainer why adversaries target retailers: They hold and process vast amounts of financial information about customers. Advisory firm Quocirca recently found that 70 percent of European merchants admit they've been targeted by attackers, with 45 percent of those attempts successful and a third of them resulting in data loss.

According to the 2015 Trustwave Global Security Report, 43 percent of our data breach investigation caseload were in the retail industry, including brick-and-mortar and e-commerce websites.

It isn't an unbeatable war though. Retailers can and do survive cybercrime. How did they get back to business as usual so fast? Because they were protected by intelligent systems developed by experts who knew how to outsmart the hackers.

Cybercrime fighters (the good guys in Hollywood movies) know how to think like the criminals, which is why they win more than they lose.

But how do ethical hackers develop solutions that can outsmart malware not yet seen. Specialist companies like Trustwave draw on first-hand experiences from the field. The unique research they have amassed - from examining billions of security events, tens of millions of web transactions, millions of network vulnerability scans, and thousands of penetration tests - builds an incredible picture of how hackers behave, and can reliably predict what they're likely to try next.

Look For Vulnerabilities Like a Hacker Would

It's one thing to know your enemy, but how well do you know your own system and processes, end to end? Hackers leverage that lack of big-picture understanding to their advantage. There's a good chance they already know your system better than you do if they've decided to target you.

Hackers are always looking for new ways to compromise systems, sometimes via unexpected channels. 98 percent of the applications we tested were vulnerable to an attack, with a median of 20 vulnerabilities found per application.

This is why it's critical that either your own staff, or an outside expert, looks at your system and processes for weaknesses in the same way a hacker would. This enables you to develop a strong, unified security strategy that is prepared for attack from every angle.

Adopt a Multi-Layered Defense Strategy

A unified, multi-layered strategy doesn't just build a firewall around your database. It goes much further to protect you and your customers from risk by considering every aspect of an attack. It will manage threats to your email security, network, website, applications and content, and will prevent and detect intrusion. It will minimize damage, maintain compliance and install a fast recovery procedure. Finally, it will guard every entrance, responding to threats instantly.

Remember, knowledge is power. The intelligence exists to outsmart the hackers over and over again, and the good guys can, and do, win.

Jane Dotensko is Trustwave marketing manager in EMEA.