By Mike Desai, Executive VP of International Identity Security at SecureAuth
The annual shopping season is already underway, signalling the busiest time of the year for retailers. With the continued decline of footfall on the high street and increased competition from online outlets, retailers are under increasing pressure to maintain sales and maximise profits with both a user friendly but secure online shopping experience for consumers. This had led to the era of digital transformation where consumers are shopping from numerous devices, managing orders and critical financial details such as payment information. As a result, financial institutions are being forced to step up their vigilance to protect against both fraud and cybercriminal activity. The high-value nature of the data that financial organisations and retailers hold makes them key targets for cybercriminals, who will persistently scan for identities and vulnerabilities to exploit. The increased online traffic provides ideal conditions for bad actors to launch malware attacks, phishing campaigns, and use stolen or compromised credentials. In addition, it provides an opportunity for malicious activity to hide amongst the noise.
Retailers hold a vast amount of personal information on its customers, including banking details, addresses and sometimes even dates of birth. However, portals where customers can view these details are often not adequately protected, sometimes only utilising only password protection without additional layers of security. In the final two months of the year, there is a recognised spike in the level of online activity and rate of financial transactions, meaning that systems are under pressure to maintain security at scale. Use of stolen credentials is one of the most popular methods used by attackers who attempt to gain access to customer portal, escalate privileges and move laterally to complete their mission. Phishing attacks are a well-known method where consumers are tricked into sharing their credentials with cybercriminals posing as legitimate and trusted companies or personnel. Retailers are then tasked with verifying the user’s identity and recognising if login attempts are suspicious. Concurrently, financial organisations must be vigilant in monitoring for anomalous activity and act quickly to investigate and provide additional security challenges where appropriate.
Defending against attacks during the festive season requires a comprehensive and multifaceted approach and financial organisations can implement risk mitigation strategies to protect sensitive data:
Utilise penetration testing: Pen testing can be a beneficial tool to help identify weaknesses in infrastructure, which can be addressed and secured to help improve the overall security posture. As part of this, social engineering attacks can be simulated as part of an education programme, to test and train employees and make them aware of the heightened risk during the holiday season.
Demonstrate knowledge of the network and prioritise vulnerabilities: Understanding network topology is vital, particularly with regards to the attack path associated with gaining access to command and control (C&C) infrastructure. Remediating and patching any vulnerabilities that would give access to critical infrastructure must be prioritised in advance of the start of the festive season.
Understand access risk within the environment: Clear protocols surrounding access privileges of different individuals are critical and abandoned or orphaned accounts must be remediated. In addition, full control of privileged accounts is necessary, to attest and certify that the right people have the right privileges.
Constantly monitor network traffic: Using network detection and response tools can help gain visibility to infected devices or anomalous activity on the network quickly. This enables immediate action to prevent the spread of an attack by limiting access to command and control infrastructure.
Enhance user authentication techniques: Passwords are still being used as a method of authentication, but they are notoriously insecure and an age-old method that attackers can easily circumvent. To bolster passwords, multi-factor authentication should be implemented, which considers additional factors (that is something you have, something you know and something you are for example, a fingerprint biometrics). Security layers can be added to the authentication step which takes factors such as device recognition and geo-location into account to add content to the login attempt. If any risk is present, then additional challenges can be implemented.
Attacks on financial institutions show no sign of slowing down and bad actors will utilise a range of tactics to penetrate defences. This includes taking advantage of peaks of activity that occur through specific periods of the year. The increased online traffic during the festive season provides an opportunity for bad actors to exploit and leverage the ‘noise’ surrounding financial transactions, resulting in identity-related breaches. However, there are steps that financial organisations can take to enhance defences to protect sensitive information which involves having a deep understanding of the vulnerabilities and activity in their network and employing stringent verification at the login phase. By continuously managing risk and implementing a consistent and comprehensive strategy, customer’s data will be kept secure, thereby maintaining trust over the holiday period.
