How organisations can prepare for the holidays
Getting ready for the holiday season Trey Ford, Global Security Strategist at Rapid7, has given his opinion on a rundown on how organisations can prepare for the days ahead when it comes to their security.
As we enter the Christmas shopping season, many retail organisations go into a “production freeze” where they halt updates and configuration changes in their payment and order fulfillment systems to limit the risk of interruption and slowdowns to mission critical systems. IT teams and security folks are scrambling to test and lock in configurations, verify controls, and plead to their respective deities that systems perform exactly as intended during the shopping rush.
This creates a particularly interesting situation: there will be very little in the way of updates to those systems over the next 90 days. Any steps to prevent an incident – that would make an organisation a harder (or more expensive) target for criminals — are now on hold until after the holiday rush.
Think of this in terms of the security lifecycle: Prevent, Detect, Correct – it’s also a good way to simplify the NIST cyber security framework1,2 from this point forward, energy investment should shift from prevent, to detect and correct.
Attackers already inside an organisation will stay quiet until the time is right, as they will see more credit cards in the next couple of weeks than the next six months
How organisations can prepare for the days ahead:
- Check all third party access and remote access pathways into payment networks.
- Change passwords and lock out vendors that do not need access right now.
- Be 100% confidant that payment networks do not have access to the internet, on any protocol, in any way. Some systems do online payment clearance and settlement – makes sure those systems can only talk to specified host names or addresses on
- Double and triple check network restrictions and segmentation, make sure guests and contractors cannot find a path into the payment networks.
- Some organisations have enough similarity in their systems (like point of sale registers and kiosks) they can compare live systems to “known good” configurations – look for anomalies.
- Carefully observe account behavior. Monitor for and immediately investigate out of character behavior and login events from unexpected locations, especially in sanitized zones like payment networks, web, and database systems.
- Increase your visibility through information sharing. There are groups like the R-CISC where retailers are safely sharing information and actively identifying attacker tools and techniques, as well as tips on how to identify if they have a foothold in your environment.
Image Source: Pixbay