10 Recommendations to Stop Cyberthreats in the Retail Sector

Given the rise of ecommerce, retail companies need to strengthen their cybersecurity policies.

Ricardo Pulgarín, cybersecurity expert at Cirion Technologies, shares essential strategies that every company in the digital environment should consider.

 

Ecommerce growth has driven the evolution of security policies in the retail sector, with a renewed focus on the security of e-commerce platforms, protection of online payments, customer privacy and supply chain security. All of these reflect the need to adapt to a constantly changing digital environment and to protect both company data and customer trust in an increasingly connected world.

“Retail sector companies are responsible for ensuring their customers’ data security through various preventative measures. To this end, said companies must necessarily perform a thorough risk assessment associated with their information technology systems, identifying threats and estimating their likelihood and impact on the business alike,” said Ricardo Pulgarín, Security Sales Architecture Manager at Cirion Technologies.

Businesses and organizations should focus on reinforcing their cybersecurity schemes. To that end, Pulgarín provides 10 recommendations to strategically tackle potential threats:

1.- Protect recovery systems and back up data:

In the event of incidents caused by people, ransomware or natural disasters, it is essential to adopt measures that allow rapid recovery of data and systems. To do this, you need to back up the data, perform recovery tests and have a plan in place that defines the recovery point objective (RPO) and the frequency of backups, along with a recovery time objective (RTO).

2.- Run recovery drills

These drills are meant to ensure data availability and resource recovery, and to confirm that everything works as expected. They must also include appropriate communication along the established chain of command, together with defined responsibilities for teams and individuals.

3.- Cybersecurity training and awareness

Establishing data security should be a company priority. A cybersecurity training plan for employees is therefore key, both so that they understand the risks to which the company may be exposed and so that they understand the importance of owning their roles when facing potential threats and of being internal promoters of cyber defense.

4.- Define the attack surface

Organizations must be clear about the systems, devices and services their environment requires to keep the business online, and must keep an active inventory of them. This will help them identify their most vulnerable points and draw a system recovery baseline.

5.- Audit and manage the most vulnerable devices

To achieve a comprehensive security strategy, it is key to have controls at all critical points of the network. Perimeter security undoubtedly matters; however, to be effective, and considering users’ high mobility, it must be complemented with security on end-user devices.

6.- Network Segmentation

Segmentation helps contain malware activity. If a threat enters the network, it must be “buried” to prevent it from moving uncontrollably and collecting information. To do this, it is necessary to “divide” the network into smaller sections, which prevents threats from moving laterally and gives better control of traffic flow among sections.

7.- Protect emails to thwart ransomware attacks

In addition to network devices, you must also ensure that email solutions are running their latest updates and have secure protection against infiltration.

8.- Enhance identity focus

Organizations need to implement multi-factor authentication mechanisms for their remote users and customers, which will enable stronger validation of access authorization to their most critical information. Do not forget to monitor the use of ports, protocols and services on the network to stop malicious applications from maintaining a security gap that an attacker can exploit.

9.- Consolidate security throughout the entire Cyber Kill Chain

The cybersecurity kill chain model identifies what cybercriminals do to achieve their goals. The possibility of human failure requires solid security technology and a cybersecurity strategy that integrates various controls and provides visibility into the different stages an attacker must go through before being successful.

10.- Have an incident response plan in place

A clearly defined, evaluated and proven incident response plan will contribute significantly to ensuring a better result in the event of cyberthreats.

 

Cirion owns a complete portfolio of integrated security solutions, with network protection and mitigation services, among others, customizable to any kind of industry requirements.

Cybersecurity: Keys to “close the doors” on Attackers

Network visibility, application availability, data center resilience, people training, and continuous cybersecurity monitoring are fundamental strategies to minimize risks.

  

Cyberattacks are increasing in sophistication and quantity. Data from the ESET Security Report 2023[1] show that 69% of Latin American organizations suffered a cyberattack within the last year.

Furthermore, in many cases, organizations are not even aware of these breaches.  

In this scenario, having a robust cybersecurity strategy in place to “close the doors” to cybercriminals is of the essence to ensure business continuity and reliable access to systems, both by employees and customers. 

It all starts on the network. A secure network protects your resources from unauthorized access, inappropriate use, and modification or denial of information. Protecting access points (APs), the devices that enable wireless terminals to connect, is essential, since they are one of the main potential entry doors for attackers.

The next step is the protection of applications and data centers: deployment of robust measures to protect webpage access and parameters to detect and mitigate suspicious activities. The use of advanced firewalls, intrusion detection systems, multi-factor authentication and data encryption is recommended to ensure a comprehensive defense.

This is just the beginning. Acquiring the best tools available to mitigate risks, or setting a plan that stays static over time, is not enough to achieve robust protection. Let’s bear in mind that we are talking about a highly dynamic segment, with new types of attacks appearing on a daily basis and where everything changes at great speed.

Ongoing and proactive monitoring 

This is why ongoing and proactive monitoring for threat prediction, prevention, and detection is required, including a penetration test review. A technology partner such as Cirion Technologies may be key on this path: it provides not only the best available security platforms and tools, but also up-to-date knowledge, insight into trends, expertise to prepare for recovery in the event of a breach and, most importantly, talent, one of the scarcest assets in this market.

Monitoring is an essential practice, since it enables detection of potential incidents through active and passive monitoring of event logs, traffic patterns, user and system behavioral anomalies, and any other unusual activity.

And to achieve truly solid and sustainable protection over time, an additional point, perhaps one of the weakest links in the chain, must necessarily be reinforced: people. Raising awareness across the organization regarding the importance of IT for the business, sensitive information and risks is another pillar on which a successful cybersecurity strategy is grounded.

[1] This report addresses Latin American companies’ main concerns as far as Information Security is concerned, as well as the number of security incidents reported during the last year, and the impact of specific threats such as ransomware, spyware and trojans.

Author:
Ricardo Pulgarín
Security Solutions Architecture Manager
Cirion Technologies

The inevitable transition to SASE; beyond legacy security

The increasing complexity of cyber threats calls for an evolution in how to approach security, leaving legacy hardware-based solutions behind and embracing a more agile and efficient architecture.

 

Cybersecurity is more critical than ever in today’s digital age. The increasing complexity of cyberthreats calls for an evolution in security approaches, leaving legacy hardware-based solutions behind and embracing a more agile and efficient architecture – the SASE (Secure Access Service Edge) platform. The question is no longer whether to make this transition, but when and how to perform this radical shift.

Legacy, hardware-based security has been a cornerstone for decades. However, the rise of remote work, network expansion, and threat diversification has clearly exposed the significant limitations of these solutions. The rigidity and lack of adaptability of legacy infrastructures hinder effective protection against cyberthreats in a dynamic and constantly changing environment, where different sources agree that the number of attacks grew by three digits in 2023 versus 2022, both for personal data and government entities.[1] And, if a shred of doubt was left, in an IBM report on data breach cost for 2023, 95% of respondents who suffered a data breach said they experienced more than one. Not a minor issue.

The cloud-based SASE platform emerges to tackle these challenges. By integrating security and networking functions, SASE provides a unified architecture adjustable to the changing needs of modern businesses. Cloud inherent mobility and flexibility allow organizations to protect their infrastructure without sacrificing operational agility.

Transitioning to SASE is not just a strategic choice, but an imperative. The decentralized nature of today’s work demands a security approach that goes beyond traditional network boundaries. Thanks to its edge security approach and cloud service delivery, the SASE platform is the perfect match for this new work reality.

The key component of the transition is a mindset shift. It’s not just about adopting new technologies but about embracing a security culture that adapts to the dynamic nature of cyberthreats. The SASE platform not only delivers greater operational efficiency, but also fosters across-the-board collaboration and adaptability.

Additionally, cloud-based security provides an opportunity to improve user experience. By removing the need for routing through legacy devices, SASE enables faster, more secure, anywhere access to enterprise resources. Thus, we are not only enhancing productivity; the security posture becomes more robust by ensuring users have secure access to resources when needed.

However, transitioning to SASE is not free of challenges. Migration management and platform integration into the existing framework are critical steps. Staff training and joint collaboration between IT and security teams will be essential in this process of change.

What matters here is noting that transitioning from legacy hardware-based security to the cloud-based SASE platform is no longer a “yes or no” but rather a “when” question. The need to adjust to an ever-evolving business environment and increasingly sophisticated cyberthreats makes SASE the logical choice. Our future security is no longer waiting; it’s in the cloud, and transitioning is inevitable.

[1] “Data Breach Investigations Report,” Verizon, 2023, vs. “Data Breach Investigations Report,” Verizon, 2014-2022. https://www.apple.com/newsroom/pdfs/The-Continued-Threat-to-Personal-Data-Key-Factors-Behind-the-2023-Increase.pdf

Author:
Alejandro Girardotti
Senior Director of Products, Innovation and Strategic Alliances
Cirion Technologies

Cybersecurity: be aware of the dangers and invest in protection

We are currently experiencing a major dilemma. On the one hand, there is a huge demand for high-performance computing services, which span multiple industries and verticals. On the other, many of these companies still don’t have the adequate support teams responsible for 24/7 monitoring of the various vulnerabilities to which the organization may be exposed. The learning and adoption curve needs improvement; companies believe it won’t happen to them and that there’s no need to invest. 

In the framework of International Computer Security Day, it’s imperative to remember that both the company and employees are responsible for having policies and protocols in place to achieve optimal cybersecurity. That’s why education in cybersecurity is key to a company’s technological health. Reality has shown us time and again that an attack can cripple critical areas of the company, causing millions in losses.

Phishing, ransomware, social engineering attacks, supply chain and cloud attacks, online identity forgery and DDoS (Distributed Denial of Service) attacks are the main vulnerabilities we see more and more often. This is why cybersecurity in organizations involves a series of measures and precautions to protect the company’s systems, networks, and data against potential cyberattacks and threats.

Increasingly, companies and organizations depend on technology and digital connectivity to carry out their productive and commercial operations, leaving them vulnerable to cyberattacks, whether through data theft, interruption of services or destruction of information. It is therefore essential to have cybersecurity strategies in place to protect the integrity of information and safeguard reputation and business continuity. 

Having a strategy is key, as it establishes a comprehensive plan to identify, prevent, and mitigate the risks related to cyberthreats. To develop it effectively, some crucial actions must be adopted: 

Self-assessment

Carrying out a risk assessment (critical assets, possible threats and vulnerabilities) and being prepared internally against potential incidents is vital. Also, security policies should address the access to systems and data, passwords, the use of personal devices (BYOD), awareness, and training. 

Platforms and Forecasts

Here, we must pay special attention to access management, different updates and patches, firewalls and antivirus – always remembering to encrypt data. 

Detection and response

Once a breach is detected, monitoring is key to detect suspicious activity. Early detection can help mitigate the impact of an incident. After a cyberattack, you must identify, contain, eradicate, recover, and learn from what happened. Also, don’t forget to have mechanisms in place for backup and recovery. 

Regular audits

Carry out regular audits and avoid feeling safe or complacent. It’s important to keep up to date with legal compliance, collaborating closely with cybersecurity experts.

Faced with this scenario of latent vulnerabilities, it is imperative that companies seek the advice of experts in managed solutions and, at the same time, promote digital education campaigns to raise employees’ and users’ awareness regarding cyberthreats and the damage they may cause. The overall idea is to cover three fronts of action: end-user devices, access to the network, and cloud applications and services.

Finally, it is key to underscore that a cybersecurity strategy must be tailored to the specific needs and characteristics of each company and be subject to continuous assessments and adjustments to address potential new threats. Being always ready seems to be the watchword today, more than ever.

Author:
Ricardo Pulgarín Gómez
Senior Security Solutions Architect
Cirion Technologies

Information security: a multi-dimensional challenge

The future of business is built on data. A few years ago, this statement might have been labeled as exaggerated; however, it’s very descriptive in the age of digital transformation. By the same token, poorly protected data represents a risk for the entire organization. Therefore, we can say that the numbers detected by IDC and presented at Cirion Forum’s latest edition in Buenos Aires are reasonable: 38% of the main IT initiatives in Latin America are linked to information security.

The road to a cyber-secure company, albeit necessary, is also a multi-dimensional challenge. 

The main one is driving greater information security education within companies.  Historically, an organization was more likely to worry about its security after experiencing an incident.  When looking at the daily volume of attacks, we can infer that it is even more likely that every company has already experienced one.  This is why it’s time to shift paradigms, starting by feeling vulnerable and deploying the best protection models possible. 

Leaks may occur as a result of bad decision-making based on erroneous information. A common example: many organizations think that hiring a public cloud service solves their problem. While it’s true that the large cloud providers offer security and excellence and comply with the sector’s main international rules, this primarily covers the infrastructure level. This means that companies don’t think about end-to-end protection for their data, which exposes several gaps.

Additionally, other weaknesses appeared as a consequence of the pandemic.  The accelerated digitalization taking place at the time often pushed security aspects to the background. Systems had to be moved from premises to the cloud to keep organizations operational, but there was neither time nor resources to conduct detailed analyses of the security gaps revealed.  In this sense, there is now a greater level of awareness regarding this issue and new projects tend to consider information security as early as in conception. 

Talent deficiency 

Another strong impact on security is caused by the resource gap. IDC states that 85.5% of Latin American companies face difficulties in finding personnel with the appropriate skills, and 47.3% count on only one specialized cyber security resource. Therefore, the presence of a technology partner is key, bringing knowledge, updates, and experience that would be difficult to find internally. 

Finally, emerging technologies present a new challenge: artificial intelligence (AI) is a double-edged sword.  On one hand, it is a key ally for automating and predicting zero-day attacks, new vulnerabilities, exploits, and other threats which can represent an impossible volume of information to be digested by a group or groups of analysts.  By using AI for detection, experts can tackle deeper issues.  However, this same AI is being used by attackers to perfect their strategies. 

There are obviously many challenges, but the goal should always be the same: implementing a layered, end-to-end strategy that protects access, the increasingly remote connectivity of users (with “zero trust” strategies), APIs and, of course, the traditional perimeter, with state-of-the-art firewalls. To do this, the first step is to understand the business, its needs, its vulnerabilities and its risks, and understand the complete trajectory of data and applications. This is the only way to maximize protection and reduce the attack surface.

Author:
Pablo Dubois
Regional Security Product Manager
Cirion Technologies

Digital infrastructure and physical data security: understand best practices

Information security has been a widely debated topic throughout past years, if not decades. Since the second half of the last century, business models and even people’s lifestyles have become increasingly dependent on electronic equipment and digital information.

Practically everything we do today leaves a trail of bits and bytes which can be used positively or negatively. For companies, this data becomes a critical asset and losing it may even cause a company to shut down its activities.

This naturally creates many concerns in terms of ensuring information security, whether for protecting businesses or people.  Movies and news reports put great emphasis on logical data protection, frequently showing hackers in a glamorous fight between good and evil.  Terms such as BCP (Business Continuity Plan) and DR (Disaster Recovery) are discussed within companies. 

However, a warning is in order! In day-to-day business, physical protection is as important as logical protection, although this topic doesn’t usually receive its due attention. 

What is needed to ensure the physical security of information? 

Physical security of information aims to ensure continuous operations, access control, and environment resilience. Digital infrastructure must respond adequately and protect its data based on the following principles: 

Environmental security: Directed at protecting equipment from natural incidents, such as floods, storms, earthquakes, or even human errors, such as strikes, road accidents or any kind of impact that can interrupt services due to the loss of carrier access or of capacity from the infrastructure’s operations. This includes duplication of facilities, if necessary.

Availability security: Related to ensuring redundant means for energy supply, equipment refrigeration, fire protection, and data transmission links, including IT infrastructure, such as redundancy of storage components, switches, load balancers, servers, etc. 

Physical security of the perimeter: This is to ensure that only authorized teams have access to equipment and infrastructure facilities. 

The topic seems simple and obvious, but it’s not. There are several different certifications in the market to align and ensure best practices in infrastructure security. Some are even specialized by business segment.

In terms of perimeter security only, for instance, we can expand the topic into different sub-items and processes: 

Management of access requests: With defined processes and a system for managing and storing request history, it aims to ensure that all authorized access to the infrastructure is vetted and approved according to their motives and capacities.

Authorization of entry: This is the basic entry access but depends on the previous step being well executed to specify who can receive authorization. It demands steady hands to endorse information and execute the authorization of entry correctly. 

Reception and referral: Mainly in more complex infrastructures, such as large data centers, this is the stage where visitors are received on the premises and accompanied to the spot where they should work or have access. This stage ensures that a person authorized to execute a specific service is unable to access the entire location, which might cause incidents in other places inside the facilities.

Access control and monitoring: Biometric sensors, smart doors with volume and weight identification for entry and exit, cameras, and security teams must be used to prevent anyone – through malicious intent or human error – from removing or placing equipment in the infrastructure without proper control. 

IT equipment lifecycle control: Analyzes the expected energy consumption as of the entry request; uses IoT technologies and automation, such as RFID, to control the equipment’s position inside the data center, registering and monitoring from entry, deployment, and operation usage up to the entire deactivation process, including data cleanup and certified equipment destruction, with less environmental impact. 

How and how much to invest in the physical security of digital infrastructure? 

A safe digital infrastructure may demand large volumes of investment.  We could say that the sky’s the limit, but it will never be possible to create a fault-free environment.   

The investment in physical security, then, will be inversely proportional to the business dependence on data. Losing the photos from your last trip may make you unhappy, but it won’t cause great harm. On the other hand, losing customer and billing information may mean shutting down a business. A legal office that spends hours without internet access may suffer a lot of headaches, but only a few minutes without access generates immediate financial impact for an e-commerce business.

Therefore, the amount invested in physical security and digital infrastructure redundancies is, in general, directly proportional to the financial volumes involved in the business and inversely proportional to an acceptable recovery time. 

That is, the greater the volume of money involved, the greater the concerns about infrastructure, as can be observed in the financial segment. And the less time a business can afford to remain inoperable, the greater the concerns about security, as described in the e-commerce example.

Cost, however, is not the only impact on an infrastructure’s security. Time and experience also count. Building walls, power and cooling structures takes time. Defining processes and control systems demands a learning curve.

It may be tough to measure this time precisely as a cost, but it can be monetized as loss of business opportunities due to delays in going to market or even because of exposure to already existing business risks. 

A good way to shorten these times or adjust the cash landscape for the necessary investments in digital infrastructure is to contract infrastructure as a service from a reliable cloud or data center provider. 

These providers have facilities and processes already in operation, as well as certifications that testify to their qualifications, and a history of customers and incidents that allows them to validate and improve the necessary controls and redundancies to maintain operations at reliability levels that would be unfeasible for other ventures.  

If your IT team is still worried about whether the electric generator will support the load in case of a power failure or whether the LTO (Linear Tape-Open) tape will remain readable to recover a backup, maybe it’s time to learn more about the processes and operations of a professional data center, to help you ensure the security of your business. Cirion has the best data center structures and strict security protocols, endorsed by a series of certifications, not to mention a highly skilled team to support your company’s daily business.

Author

Heubert River
Head of Data Center, Cloud & Security Operations,
Cirion Brazil

Heubert has more than 20 years of experience in leadership positions in data center operations in critical, high-capacity, and high-performance environments. He has been responsible for Cirion’s Data Center Operation in Brazil since 2013.

He has an MBA in IT governance from USP/IPT, several technical and methodology certifications, as well as broad international experience, having led operations in more than 10 countries in Latin America, USA, and United Kingdom.