To Prevent Cyberattacks, Minimize IT Vulnerabilities

Prevention, not just detection, is critical to thwart cybercriminals targeting c-store networks.

February 26, 2020

This is the second of a three-part NACS Daily series. Today: Prevention.

By Jerry Soverinsky

ALEXANDRIA, Va.—While convenience stores find themselves in the crosshairs of cybercriminals, a compromise is not inevitable, cybersecurity professionals insist. Instead, retailers should proactively reassess their IT infrastructure and antivirus protection to minimize the impact of cyberattacks.

“While many IT staff are good at defensive security, they haven’t really worked with systems that are under attack and therefore don’t necessarily know what they are looking for,” said Mark Carl, chief executive officer of ControlScan. “Firewalls will not completely keep attackers out of environments.”

The key is pursuing a proactive posture, one predicated on prevention, Carl said, rather than a reactive one, which operates on detection. The latter is characterized by signature-based antivirus software that spots known threats. But systems that rely on such protection are vulnerable to new strains. The network systems for large enterprises include hundreds or thousands of endpoints, each of which creates an additional vulnerability for the company.

“Advanced threat detection and response capabilities must be employed to fully protect the environments,” Carl said. Solutions such as Managed Detection and Response (MDR) from third-party vendors “deploy advanced endpoint security to all assets, active email monitoring and logging all activity to a centralized SIEM. But the most important part remains the human factor. Only staff that understand specific tactics and methods of a sophisticated adversary are likely to detect them, as is demonstrated with recent successful breaches that went undetected by IT staff for months.”

Carl said that even with advanced detection solutions in place, a retailer should focus on making sure that systems are closely monitored: “The right team will proactively monitor the entire environment 24/7/365 to know when a compromise has occurred, will have tools to quarantine individual systems from the environment and will take immediate action to contain and limit the scope of the attack.”

Jim Shepard, director of Data Protection and Reg Compliance for Phillips 66, agrees. “As a merchant, your core business activity is selling products, and you may not have the staff to successfully manage the security of your operating environment. That’s when it’s necessary to get help with a managed security provider.”

According to Phillips 66, the stakes are significant, and perfection is the only acceptable outcome. “We have to get it right 100% of the time. The crook has to get it right just once,” Shepard said.

Read the first installment of the three-part series here. Coming Friday: Remediation.

Jerry Soverinsky is a Chicago-based freelance writer and NACS Magazine contributing writer.