Preventing Another Target Attack

For retailers that don't want to be the next Target or Neiman Marcus, here are three tips they can follow to protect themselves.

By Eric Basu

Opinions expressed by Entrepreneur contributors are their own.


While Target's credit-card security breach continues to get ugly, the truly alarming part is that they weren't alone. At least five other major retailers were also hit during the same holiday period. While the total number of records taken in the other attacks was one-tenth that of Target, the assailants still stole an average of 27,000 records per store using the same techniques.

The obvious question becomes, "What can be done by retail businesses to both detect and to protect against this specific threat?" To be fair, there are established Payment Card Industry (PCI) compliance standards that are designed to assist retailers in thwarting point-of-sale (POS) attacks like the ones inflicted recently. The controls, however, are worded in ways that are open to interpretation and often are not explicit enough in their language to ensure comprehensive security controls are effectively implemented.

While PCI provides an excellent starting point and also includes many traditional information security best practices, it cannot be expected -- as a mere standard -- to cover the entirety of what it means to operate in a secure state as an organization. Other activities are required.

To that end, here are three other points retailers should implement above and beyond the minimum standard.


Individually lock down every single POS system component. A POS terminal or collector must be used solely for that single purpose -- to make transactions. So every other unnecessary service and process should be disabled. For example, the local or remote operator should not be able to browse the internet, receive emails or perform any action that is not a direct functional requirement of the POS. If the terminal does need connectivity to the internet, the specific service protocols it requires should be the only ones allowed to leave the system, and that traffic should be encrypted.

Employ monitoring software for the overall network. There are next-generation software solutions that effectively visualize network traffic, break down machine-to-machine connections by service protocol and allow filtering by machine, service or even internet destination. For example, a North American-based retailer using a payment processing partner from the same continent should not see outbound connections from a POS terminal to places like Russia, China or Brazil. If it does, the connection should be dropped and the security administrator should be notified of the machine that initiated the connection.
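One way to implement the two controls above (only the payment processor's endpoints may leave a POS terminal, over an encrypted protocol, and any other outbound connection is flagged together with the machine that initiated it), as an added example that is not from the article or any product it describes: the POS subnet, the processor addresses, the home region and the flow-record format are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed policy for a hypothetical retailer (RFC 5737 test addresses, not real hosts).
POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")                # the POS terminal VLAN
ALLOWED_EGRESS = {("203.0.113.10", 443), ("203.0.113.11", 443)}  # payment processor, TLS only
HOME_REGION = {"US", "CA", "MX"}                                  # processor is on the same continent
ENCRYPTED_PORTS = {443}

# One flow record as a monitoring tool might export it, with the destination's GeoIP country.
Flow = namedtuple("Flow", "src dst dport country")


def parse_flow(line: str) -> Flow:
    """Parse one constructed record of the form '<src> <dst> <dport> <country>'."""
    src, dst, dport, country = line.split()
    return Flow(src, dst, int(dport), country)


def policy_violations(flow: Flow) -> list:
    """Return the reasons a POS-originated flow breaks egress policy (empty if clean)."""
    if ipaddress.ip_address(flow.src) not in POS_SEGMENT:
        return []  # not a POS terminal; other segments have their own policy
    if (flow.dst, flow.dport) in ALLOWED_EGRESS:
        return []  # sanctioned processor endpoint over an encrypted port
    reasons = ["destination not on payment-processor allow-list"]
    if flow.country not in HOME_REGION:
        reasons.append(f"destination geolocated to {flow.country}")
    if flow.dport not in ENCRYPTED_PORTS:
        reasons.append(f"port {flow.dport} is not an encrypted service port")
    return reasons


def audit(log_lines) -> list:
    """Run every record through the policy; return (src, dst, dport, reasons) per offending flow."""
    alerts = []
    for line in log_lines:
        flow = parse_flow(line)
        reasons = policy_violations(flow)
        if reasons:  # the alert names the terminal that initiated the connection
            alerts.append((flow.src, flow.dst, flow.dport, tuple(reasons)))
    return alerts


SAMPLE_LOG = [  # constructed records, not captured traffic
    "10.20.0.14 203.0.113.10 443 US",  # sanctioned: processor over TLS
    "10.20.0.21 198.51.100.7 80 RU",   # unknown host, abroad, plaintext: three reasons
    "10.20.0.21 203.0.113.10 80 US",   # right host, wrong plaintext port: two reasons
    "10.30.0.5 198.51.100.7 443 BR",   # not a POS terminal: out of scope for this check
    "10.20.0.14 192.0.2.9 443 US",     # domestic TLS, but not the processor: one reason
]
```

Running `audit(SAMPLE_LOG)` yields three alerts, each naming the originating terminal; a real deployment would feed the same logic from the monitoring tool's flow export and wire the alerts to the drop-and-notify action the article calls for.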


Implement application-level security practices. Application security is an often overlooked layer of security in POS environments. Keeping such programs up to date with the latest versions and patches, as well as performing penetration tests on both internal- and external-facing interfaces, would have gone a long way toward preventing the lateral movement the Target attackers were able to pull off in a short amount of time. Companies that develop in-house applications should also ensure they are designed securely from the get-go, performing both static and active secure code reviews at every minor release. Furthermore, only authorized, white-listed applications that have been properly identified should be allowed to run.

We have arrived at a state where cyber attacks against payment systems have become pervasive, massive, damaging and embarrassing. The boardroom rationalizations of the last decade no longer serve the business' profitability or survivability. Risk cannot simply be transferred to insurance like it could before -- at least not without serious damage to goodwill, customer-base trust and future revenue. Security controls are meaningful, and next-generation ones are no longer just a necessary evil. They are business enablers necessary to protect profits.

Eric Basu

CEO of Sentek Global

Eric Basu is the CEO of Sentek Global, a provider of government and commercial cybersecurity and information technology solutions.
