Monday, September 23, 2013

Fortinet Warns of Escalating Cyber Threats in Local Retail Sector

Retail remains among the top 3 industries to be targeted by cyber criminals, who are particularly aiming for vulnerabilities at the store level 

MALAYSIA, September 18, 2013 – The proliferation of Wi-Fi connected tablets for sales service personnel and in-store customer Wi-Fi access are fuelling the complexity of the security challenges for major retailers in Malaysia. According to a recent Fortinet report, retail remains among the top 3 industries to be targeted by cyber criminals, who are particularly aiming for vulnerabilities at the store level. Retail companies that suffer a security breach in which customer data is lost or stolen will have to deal with widespread negative publicity.

“The retail industry is fast becoming a major target for cybercriminals. For retailers with stores throughout Malaysia, secure network connectivity linking all sites to head office is critical to business operating processes. Given the squeeze of IT budgets, comprehensive and up-to-date security measures in store may not always be a priority. When the network is breached, IT services can become unavailable and data can be lost with serious consequences to the business,” said Dato’ Seri George Chang, Fortinet’s Vice President for Southeast Asia & Hong Kong.

He pointed out that retailers need cost-effective network security solutions in their stores to mitigate risk to their business and prevent the financial and reputational damage created by a data breach or lengthy system downtime. More importantly, they need to define a security strategy that addresses the key pillars of their distributed environment and ensure that their security infrastructure is not only robust, but scalable, easy to manage and cost-effective from kiosk to superstore.

“Securing the retail store network environment has never been more important than it is today. Advanced next generation security systems such as those from Fortinet enable retailers to secure multiple, geographically dispersed sites, systems and critical applications, such as inventory control and point-of-sale (POS). These next-generation security devices and virtual appliances are purpose-built to provide rapid deployment of essential advanced security technologies, along with the flexibility to scale with remote sites and growth plans,” said Eric Chan, Fortinet’s Regional Technical Director for Southeast Asia & Hong Kong.

To address today’s complex in-store security, Fortinet urged Malaysia’s retail industry to look into the following requirements to fortify their network security infrastructure:

1. Multi-threat security systems - Protecting against malware attacks that are equipped with advanced malicious threat technologies requires much stronger threat prevention techniques than those just looking for static viruses that match a signature.

2. High performance for excellent customer experience - With the increasing number of endpoints, applications and higher volumes of data, each in-store network must provide high performance for continuous credit card processing and point of sale connectivity to maximize the customer experience and interaction. In order to maintain high throughput and reliability, the increasingly complex in-store network must have security solutions that don’t create any performance bottlenecks as they inspect and filter traffic for threats and malware. High performance and low latency of traffic flows are especially important during peak transaction periods.

3. In-depth defense for the in-store wireless LAN - Recently publicized data breaches in the retail industry have exploited vulnerabilities in store wireless networks. Attackers have been able to access sensitive applications regardless of security systems, such as firewalls and VPNs, back to head office or security measures in data centers. It is no longer only staff, auditors and training contractors who visit stores and need to use their laptops or tablets to access corporate systems and data. In-store reps are also being provided with wireless tablets to increase interactivity with customers, while some retailers are looking to differentiate services with wireless kiosks, flexible wireless digital signage and customer access through their own devices. All this increases the security management headache with escalating endpoint and wireless security.

4. Adopting innovative in-store services - New applications and devices designed for multi-channel retailing in-store are promising to increase retail operations efficiency and drive revenue and customer loyalty. But if these advanced technologies need to be provided with security in mind, they also make the retail environment more vulnerable to threats. Support of cutting edge customer applications will become commonplace in the next 5 years - such as augmented reality applications used as customers move through the store and/or in-store Wi-Fi access to online systems and loyalty schemes.

5. PCI-DSS Compliance Support - With in-store networks carrying credit card transactions, PCI compliance requirements must be satisfied. Security monitoring and rogue detection are explicit requirements in the PCI standard, so it is imperative that Malaysian retailers are able to analyze user and device behaviour on the in-store network and respond to any threat. Event logging, analysis and reporting capabilities are essential to enable firms to demonstrate compliance with PCI-DSS and other regulations.


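MALAYSIA, September 18, 2013 – The spread of wireless tablet connections and in-store customer network access has added to the complexity of the security challenges facing most retailers in Malaysia. According to a recent Fortinet report, retail remains among the top three industries targeted by cyber criminals, who are aiming in particular at vulnerabilities at the store level. Retail companies that suffer a security breach in which customer data is lost or stolen will have to face widespread negative publicity.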

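“The retail industry is fast becoming a major target for cyber criminals. For retailers with stores across Malaysia, secure network connectivity linking all sites to head office is critical to business operating processes. Given the limits of IT budgets, comprehensive and up-to-date security measures are not always a priority. When the network is breached, IT services become unavailable and data may be lost, with serious consequences for the business,” said Dato’ Seri George Chang, Fortinet’s Vice President for Southeast Asia & Hong Kong.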


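“Today, securing the retail store network environment has become more important than ever. Advanced next-generation security systems such as those from Fortinet enable retailers to protect multiple geographically dispersed sites, systems and critical applications, such as inventory control and point-of-sale (POS). These next-generation security devices and virtual appliances are built to provide rapid deployment of advanced security technologies, along with the flexibility to scale with remote sites and growth plans,” said Eric Chan, Fortinet’s Regional Technical Director for Southeast Asia & Hong Kong.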

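To address today’s complex in-store security, Fortinet urged Malaysia’s retail industry to look at the following requirements to strengthen their network security infrastructure: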

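1. Multi-threat security systems – Protecting against malicious attacks equipped with advanced malicious threat technologies requires stronger threat prevention techniques than those that only look for static viruses matching a signature.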

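2. High performance for an excellent customer experience – With the growth in endpoints and applications and higher volumes of data, each in-store network must provide high-performance continuous credit card processing and point-of-sale connectivity to maximize customer experience and interaction. To maintain the highest throughput and reliability, the increasingly complex in-store network must have security solutions that do not create any performance bottlenecks as they inspect and filter traffic for threats and malware. High performance and low latency of traffic flows are especially important during peak transaction periods.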

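3. Strengthened defense for the in-store wireless network – Recently publicized data breaches in the retail industry exploited vulnerabilities in in-store wireless networks. Attackers have been able to bypass security systems such as firewalls and virtual private networks (VPNs) to access sensitive applications, and then reach back to head office or to security measures in data centers. It is no longer staff, editors and training contractors who visit stores and need to use their laptops or tablets to access corporate systems and data. Store staff are also being given wireless tablets to increase interaction with customers, while some retailers are looking to differentiate services with wireless kiosks, flexible wireless digital signage and access through customers’ own devices. Escalating endpoint and wireless security multiplies the headache for security management.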

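4. Adopting innovative in-store services – New applications and devices designed for multi-channel in-store retailing can increase retail operational efficiency and grow revenue and customer loyalty. But if these advanced technologies must take security into account, they also make the retail environment more vulnerable to threats. Support for cutting-edge customer applications will become commonplace in the next 5 years, such as augmented reality applications to secure customers moving through the store and/or in-store wireless access to online systems and loyalty schemes.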

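5. PCI-DSS compliance support – With in-store networks carrying credit card transactions, PCI compliance requirements must be met. Security monitoring and rogue detection are explicit requirements of the PCI standard, so it is imperative that Malaysian retailers are able to analyze user and device behaviour on the in-store network and respond to any threat. Essential event logging, analysis and reporting capabilities enable firms to demonstrate compliance with PCI-DSS and other regulations.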
