Holidays a Boon for Hackers as Much as Retailers

Level 3 Shares Retail Security Best Practices for 2016 Season

News provided by

Oct 13, 2016, 08:00 ET

BROOMFIELD, Colo., Oct. 13, 2016 /PRNewswire/ -- The holiday season brings opportunity for retailers – and for hackers looking to invade retail networks, disrupt systems and steal valuable information. To help defend against these threats, Level 3 Communications (NYSE: LVLT) is releasing comprehensive omnichannel security best practices for retailers heading into the 2016 shopping season.

Experience the interactive Multimedia News Release here: https://www.multivu.com/players/English/7911453-level-3-holiday-ebook-retail-security

Interview with Susan McReynolds on Level 3’s holiday security tips for retailers.

PCI compliance requires an annual audit; retail security should focus on what happens in between. Conducting vulnerability assessments and testing of the entire environment — endpoints, applications and the network — is essential.

Retailers are bringing the best of online digital engagement into the store environment, but bypassing security controls to implement the latest technologies and SaaS applications opens the door to vulnerabilities and cyber attacks.

Point-of-sale (PoS) malware is a lucrative business, leaving retailers fighting a war of reputation and liability. As PoS systems are targeted with greater frequency, malware developers are creating new strains at a breakneck pace.

Read Level 3's Retail Holiday eBook, Checkin' the List Way More Than Twice: www.level3.com/RetailNetworkSecurity.

Top Takeaways for Retailers:

Retailers may be more vulnerable this holiday season due to the fact there are more access points for sophisticated cybercriminals to exploit across the omnichannel given the pervasiveness of highly distributed endpoints spanning kiosks, in-store Wi-Fi, mobile point-of-sale (mPOS) and the prevalence of IoT devices.

While Payment Card Industry Data Security Standard (PCI DSS) compliance is an important piece of retailers' strategy, attackers are also invading networks to obtain valuable financial records, employee data, healthcare records and other personal identifiable information (PII), which can be used for phishing and social engineering. Retailers need to employ security measures beyond PCI DSS compliance to defend against these threats.

The average total cost of a data breach is $4 million according to Ponemon's 2016 Cost of Data Breach Study, with each breach averaging $172 per record breached for retailers. To protect against these exposures retailers need to implement robust threat intelligence and monitoring.

According to Ponemon, it takes retailers an average of 197 days to identify advanced security threats in their environment. No retailer can afford six months of dwell time, which is why enhanced visibility into the network is critical, as is conducting a post-holiday review of network performance.

A recent KPMG study found consumers aren't very forgiving when it comes to cyber attacks against retailers; more than 50 percent indicated they would forego shopping at an affected retailer for at least three months after a breach or stop shopping at a breached retailer altogether.

With more than 65,000 Transmission Control Protocol (TCP) ports in a single firewall, retailers should use actionable threat intelligence that tracks two-way communications to identify suspicious and malicious network activity to stay ahead of attackers and quickly respond to threats.

Key Facts about Level 3:

Eight of the top 10 U.S. retailers by revenue rely on Level 3 to protect their critical infrastructure.
Level 3 network security teams track 1.3 billion security events and 3 million compromised computers every day.
With 4.5 terabytes of ingest capacity and nine global scrubbing centers, the team mitigates more than 140 DDoS attacks per day for organizations around the globe.

Key Quote:

Chris Richter, SVP Global Security Services, Level 3
"Quickly implementing the latest in-store technologies and digital engagements at the expense of security is a strategy for failure. This holiday season – more than any other – it's critical for retailers to implement a robust, integrated security strategy across the entire omnichannel."

Additional Resources:

About Level 3 Communications
Level 3 Communications, Inc. (NYSE: LVLT) is a Fortune 500 company that provides local, national and global communications services to enterprise, government and carrier customers. Level 3's comprehensive portfolio of secure, managed solutions includes fiber and infrastructure solutions; IP-based voice and data communications; wide-area Ethernet services; video and content distribution; data center and cloud-based solutions. Level 3 serves customers in more than 500 markets in over 60 countries across a global services platform anchored by owned fiber networks on three continents and connected by extensive undersea facilities.