{"id":55134,"date":"2017-12-19T05:00:02","date_gmt":"2017-12-19T13:00:02","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=55134"},"modified":"2017-12-18T19:54:25","modified_gmt":"2017-12-19T03:54:25","slug":"2018-predictions-recommendations-retailers-thinking-planning","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2017\/12\/2018-predictions-recommendations-retailers-thinking-planning\/","title":{"rendered":"2018 Predictions &#038; Recommendations: What Retailers Should be Thinking About and Planning for"},"content":{"rendered":"<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/predictions\/\"><div style=\"max-width:100%\" data-width=\"600\"><span class=\"ar-custom\" style=\"padding-bottom:50%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter wp-image-55137 size-full lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/12\/cpr-retail-Blog-600x300.png\" alt=\"cpr retail Blog 600x300\" width=\"600\" height=\"300\" \/><\/span><\/div><\/a><\/p>\n<p style=\"text-align: left;\"><em>This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.<\/em><\/p>\n<p><span style=\"font-size: 18pt;\"><br \/>\nOverview<\/span><\/p>\n<p>I see two big things in 2018 that the retail world should think about and plan for:<\/p>\n<ol>\n<li>Retail transactions will be processed on more insecure and unsecurable platforms than ever.<\/li>\n<li>The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.<\/li>\n<\/ol>\n<p><span style=\"font-size: 18pt;\"><br \/>\nRetail transactions will be processed on more insecure and unsecurable platforms than ever.<\/span><\/p>\n<p>In the early days of electronic retail transactions, they were done on a single platform that was totally under the control of the retailer. 
When e-commerce began in the late 1990s, that scope expanded to include the retailer\u2019s internal platform, its e-commerce platform and the platforms from which shoppers accessed those (Windows or Mac).<\/p>\n<p>Today, you literally can\u2019t count the number of platforms involved in retail transactions. And as the number of platforms has exploded, so has the problem that many of these are inherently insecure and can\u2019t be made secure. Whether it\u2019s an online shopper using a Windows XP system, an in-store shopper using an old Google Android smartphone, or someone using a new, wearable IoT device with a built-in wallet (but no built-in security), the fact is that retail transactions now are being done on fundamentally insecure and unsecurable platforms. And the proliferation of new devices, combined with how older systems and devices become insecure and unsecurable over time, means this problem will get worse in 2018.<\/p>\n<p><strong><br \/>\n<\/strong><span style=\"font-size: 18pt;\">Recommendation: <\/span><br \/>\nRetailers need to adopt a <a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-a-zero-trust-architecture\">Zero Trust architecture<\/a> approach that reflects this reality. 
By realistically assuming that many of the platforms in the end-to-end transaction can\u2019t be trusted, defenders can focus their prevention and protection efforts around what they can trust and defend.<\/p>\n<p><strong><br \/>\n<\/strong><span style=\"font-size: 18pt;\">The surge in cryptocurrency prices will drive cybercrime innovation in new, unexpected and unpredictable ways, which may pose major risks for retail.<\/span><\/p>\n<p>As I outlined in my recent retail <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2017\/12\/threat-brief-unauthorized-coin-mining-new-threat-facing-shoppers-retailers-holiday-season\/\">Threat Brief: Unauthorized Coin Mining \u2013 A New Threat Facing Shoppers and Retailers This Holiday Season<\/a>, we\u2019ve seen a disruption in the threat space recently in the form of unauthorized coin mining attacks. These constitute a new class of attack, and they\u2019re being driven by the surge in the prices of cryptocurrencies like bitcoin. We\u2019re already seeing innovation around attacks focused on getting cryptocurrency into the hands of attackers.<\/p>\n<p>If we look at ransomware as a guide, we saw an explosion in innovation and development as ransomware became an ever-more-lucrative area for attacks. I expect cryptocurrency attacks to follow suit.<\/p>\n<p>The retail sector has acute exposure to these potential threats. 
The close relationship between retailers and online financial transactions, retailers\u2019 strong presence as trusted internet sites, their trusted logos, and name recognition all create an environment that leaves retail particularly vulnerable to new attacks in this area.<\/p>\n<p>Whether it\u2019s the risks of attackers trying to mine cryptocurrencies off popular shopping sites, trying to launder stolen cryptocurrencies through gift cards, or using online retailers\u2019 names and logos as lures to cryptocurrency mining sites, retailers and their customers could be prime targets in this new threat environment.<\/p>\n<p>The challenge is this: cryptocurrency theft and fraud are such new threats that we can\u2019t fully scope them yet. That uncertainty makes this threat all the harder to mitigate. We are dealing with the worst kind of threat to assess: the \u201cunknown unknown.\u201d<\/p>\n<p><strong><br \/>\n<\/strong><span style=\"font-size: 18pt;\">Recommendation: <\/span><\/p>\n<p>With a new and as-yet little-understood factor in the threat environment, the critical practice of keeping up to date on threat intelligence and the latest threat trends is even more important. Equally important is supporting and participating in information sharing programs so that new threat trends can be quickly identified and defenders can work together to counter these new threats more quickly.<\/p>\n<p>Additionally, adopting a Zero Trust architecture approach can help focus prevention efforts on the things that can be controlled.<\/p>\n<p>Finally, it\u2019s critical to maintain a heightened security posture to react quickly as new classes of attacks emerge. 
In an environment like this, it\u2019s not enough to simply be ready to deploy new technological countermeasures: prevention, in this case, may well require rethinking your security posture.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity predictions and recommendations: what retailers should be thinking about and planning for in 2018. <\/p>\n","protected":false},"author":287,"featured_media":55137,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[229,1005],"tags":[4869,4728],"coauthors":[3069],"class_list":["post-55134","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-predictions","category-retail","tag-2018-predictions-recommendations","tag-cryptocurrency"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/12\/cpr-retail-Blog-600x300.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/55134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/287"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=55134"}],"version-history":[{"count":3,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/55134\/revisions"}],"predecessor-version":[{"id":55182,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/55134\/revisions\/55182"}],"wp:featuredmedia":[{
"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/55137"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=55134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=55134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=55134"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=55134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}