Retail IT networks are difficult to protect
Robert Beggs, head of Canadian DigitalDefence, incident response company, said that IT retailers’ IT networks have traditionally been difficult to secure. He noted that these chains are distributed entities with multiple data networks and applications that often contain legacy systems and have mobile labor. Additionally, they handle a large number of financial transactions and are very sensitive to any network downtime. Combined together, he said, makes them ideal targets for cyber attacks.
Beggs said there may be two factors in the recent British attacks:
First, a group may target UK retailers because they understand business processes and target architectures (network, devices and servers, operation of POS devices, security controls, security controls). More importantly, he added, they may have identified and known how to implement a consistent social engineering attack that is particularly effective with UK retailers.
