In my last blog post, we discussed how the Cisco SAFE methodology can help you to implement a reliable security solution for your store. This approach can help you define and address each threat to the retail branch with corresponding security capabilities, architectures, and designs – guiding you to a complete security solution against everything from worms to ransomware attacks.
Now, let’s take a closer look at the methodology itself. For a true security solution, your store needs to be protected on a number of different fronts, or “attack surfaces.” The SAFE methodology breaks these down into five core components: Humans, Devices, Access, Distribution/Core, and Services.
The 5 components of a secure store
The people who use your store network are generally either employees or remote access users such as partners (increasingly supply chain partners). No amount of technology can prevent successful attacks if people in your company, both internal and partner users, aren’t trained to keep security in mind. That’s why we recommend complementing your security technology with regular awareness training and acceptable use policies for internal users, partners, and customers. In other words, security is also a change management responsibility.
Mobile devices such as tablets and phones are also part of the security architecture. This means that, if you aren’t using the network as a sensor, you’re not secure. Such visibility allows for effective containment through intelligent architectural design. It’s equally important to ensure that client devices are secure and that malicious devices are promptly quarantined.
The access layer is where users and devices connect to the company network. As you can imagine, this is a major target for hackers and should therefore be the first line of defense within the Secure Branch architecture. For example, the access layer is where the recent WannaCry attack took place, over a Microsoft-based TCP port. The network as a sensor uses flow analytics to capture anomalies and provide visibility to attacks. Its purpose is to identify the users, to assess compliance to policy of devices seeking access to the network, and to respond appropriately.
In-store networks have traditionally been built with the singular purpose of connecting point of sale (POS) systems to the corporate network. Recent security breaches, however, make it clear that such network architectures are no longer viable (Cisco, 2016). Instead, by segregating access from services, the core separates business traffic into discrete flows, helping assure security of cardholder and other data.
Services connect the Secure Store to the outside data center, cloud, and Internet via service providers. It connects the access and distribution layers inside the branch to the security and inspection capabilities as well.
Thinking about applications
The 2016 Cisco security study also found that the highest security risk came from connected third-party cloud apps: nearly one-third (27 percent) of these apps created an issue. These open authentication connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access. However, the Ponemon Institute also found that application security controls can minimize the cost of cybercrime, and that overall, a strong security profile lets companies innovate while reducing the average cost of cybercrimes by nearly $3 million annually (2016).
Never stop thinking about security
A multi-layered approach to security such as SAFE can help you increase visibility and preparedness before, during, and after an attack. This enables a stance of constant readiness, response, and resiliency, and is designed to address threats throughout every business operation, process, and interaction.
For a more detailed description of the SAFE methodology in the branch, please see the new report, Why Hackers Love Retail: And What You Can Do About It with Cisco SAFE.
Be sure to follow Cisco at @ciscoretail.