Cyber Monday Halftime - Actionable Guidance for Retail Teams

Blog Post created by treyford Employee on Dec 1, 2014

Today is Cyber Monday, a major online shopping day following U.S. Thanksgiving that continues the frenzied retail activities of Black Friday, and the growing inclination toward online shopping (rather than camping on a sidewalk in the dead of winter) means online performance matters.


Said slightly differently, retail analysts project 2.5 BILLION USD to spent online today.


At this point in the season, retailers have solidified their security plans and processes—the monitoring and resilience capabilities of those plans will be tested for the next three weeks.


Retailers: Hold Fast, Remain Vigilant

Most retail organizations will be in production freeze—monitoring the uptime and throughput performance of their eCommerce and Point of Sale (POS) environments, with no changes or contact with the environment permitted (beyond emergency repairs…) While avoiding contact with those systems, we encourage retail security teams to consider taking some of these actions during the holiday shopping surge:


  • Double-check network restrictions and segmentation. What third parties have access to your network, and what can they access? There are other groups to consider too—like customers, contractors, service providers and others in your supply chain of partners and vendors. Several data breaches originated from overlooked third-parties being breached—giving attackers an easy access to the core retail systems.

  • Be sure to check both lateral movement and egress routing and port restrictions - do Point of Sale or Payment Servers have outbound access to the broader Internet? Do they need it? Can you restrict that down to specified servers or destinations? (You may want to check NetFlow to see what they are actually talking to.)


  • Do some kind of quick refresher or reminder on security standards and expectations for employees, remind them of typical social engineering schemes, scenarios and techniques—but be super efficient and deliberate: only hit on what you think is most critical for the next three weeks.

  • Empower your users and employees as custodians and caretakers. (What do we mean by caretaker? A little more on that in this post.)


  • Wireless is a fun brick-and-mortar challenge. Most enterprise environments won’t touch network access at this point in the year—even if you can’t rotate keys or access controls, focus on monitoring. Depending on your guest or contractor access segments look like, consider watching for systems that are online too long or too often. Identify MAC addresses of employees or contractors—flag devices that stay on those segments indefinitely (perhaps a threshold of 24 hours or greater?)—and zero in on what they are doing. For smaller shops, you may still have the ability to rotate keys during planned outages or after hours.

Remember your Friends and Family

The flipside to retailers taking security measures is making sure consumers take as many precautions as possible to minimize exposing themselves and their credit card information to risk. We saw in the Verizon Data Breach Report this year that user credentials, including email accounts, were one of the most-frequently targeted during this year’s surge of high-profile retail breaches. This trend will likely continue, and we expect even more malicious phishing campaigns than usual.


In reality, the security advice above applies all year-round, but this time of year, everyone should use an abundance of caution and have a healthy dose of skepticism about anything that really sounds too good to be true—so, as always, remind employees that they should not open any unexpected emails, especially from third-party vendors.


Specifically, they should be wary of unsolicited emails, phone calls or SMS messages offering holiday deals, giveaways, promotions, charities or other shopping incentives. Fraudsters are better equipped this holiday season, they will start their campaigns building on all the data they’ve collected through this year’s breaches—they will exploit anything they can.

We all love to name drop Boyd’s OODA Loop, Sun Tzu, or even go Vince Lombardi from time to time. This year, be deliberate in preparing to be your own “Monday Morning Quarterback:” Take notes, keep them central. Any time someone says “I sure we wish we <this>” … WRITE IT DOWN.

Take a minute, right now—go schedule a two hour coffee meeting with your team, or your peers, in a room with a big whiteboard for mid January. After action reports are key to growth. There is no excuse for not executing on lessons learned.

Have fun, good hunting, let us know how we can help!

~ @treyford