Online security company Infoblox has outlined five steps for retailers to protect themselves and keep their customers safe online this shopping season:
- Invest in high-quality, highly curated threat intelligence data with low false positives. Along with other controls, this data can be applied to DNS in the form of a response policy zone, giving organisations a good technical control as well as a proactive stance against phishing and other attacks during high-traffic periods. DDI (DNS, DHCP and IP address management) can form the foundation of a robust cybersecurity system by providing visibility into what devices are connecting to a network and where their traffic is going. We can use machine learning and artificial intelligence to monitor networks, identify infected or malicious devices, and respond to a cyberattack before significant damage can occur.
- Understand how to protect against malicious web pages and DNS rebinding, whereby a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on the network. Companies should be checking with their Internet of Things (IoT) suppliers to ensure all interfaces are secure in the first place. If they aren't, and the devices can't be removed from the network and replaced with a more secure solution, then isolate those devices.
- Provide continued training so that employees are aware of what to do should a hack occur, or should they even be suspicious about an unusual email, application or even person in their workspace. Whilst technology can always help, in truth there is no substitute for education, and this knowledge and culture can be passed on to new employees as they join the company. Of course, a well-written security policy is the foundation on which this is built.
- Test your network for integration and regression to analyse all security components of your application. This helps focus on the authentication, integration and data access of the network or website used for seasonal deals during high traffic.
- Analyse and monitor third-party component vendor sites and other lists of vulnerabilities to identify priority patches that need to be put into place. Using third-party modules or plugins may seem like a money saver, and it is in the development pipeline, but the risk needs to be mitigated with security processes and maturity. It may reduce the number of developers on staff, but in reality it significantly increases the number of individuals who can affect the security of the application, whilst relinquishing control.
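
The following added example, which is not Infoblox's code or part of the original article, builds response policy zone records from a threat-intelligence feed as the first step describes, and adds rpz-ip rules that block answers pointing at private addresses, the pattern the DNS rebinding in the second step relies on. The feed entries, confidence threshold, allowlist and SOA values are constructed assumptions.

```python
import ipaddress

# Constructed sample feed of (domain, confidence 0-100); not real indicators.
FEED = [
    ("login-shop-deals.example", 95),
    ("cdn.partner.example", 40),        # low confidence: left out
    ("Track-Parcel.example.", 90),      # needs normalising
    ("payments.retailer.example", 99),  # retailer's own domain (allowlisted)
]
ALLOWLIST = {"retailer.example"}        # assumed: domains that must never be blocked
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]

def normalise(domain):
    return domain.strip().rstrip(".").lower()

def is_allowlisted(name, allowlist):
    return any(name == a or name.endswith("." + a) for a in allowlist)

def rpz_ip_owner(cidr):
    """RPZ-IP trigger name: prefix length, then the address octets reversed."""
    net = ipaddress.ip_network(cidr)
    octets = str(net.network_address).split(".")
    return f"{net.prefixlen}." + ".".join(reversed(octets)) + ".rpz-ip"

def build_rpz(feed, allowlist, min_confidence=80):
    lines = ["$TTL 300",
             "@ IN SOA localhost. root.localhost. 1 3600 600 86400 300",
             "@ IN NS localhost."]
    seen = set()
    for domain, confidence in feed:
        name = normalise(domain)
        if confidence < min_confidence or name in seen:
            continue
        if is_allowlisted(name, allowlist):
            continue
        seen.add(name)
        lines.append(f"{name} CNAME .")      # NXDOMAIN for the domain itself
        lines.append(f"*.{name} CNAME .")    # and for every subdomain
    for cidr in PRIVATE_NETS:
        # Rewrite any answer whose address falls in a private or loopback range.
        lines.append(f"{rpz_ip_owner(cidr)} CNAME .")
    return lines

if __name__ == "__main__":
    print("\n".join(build_rpz(FEED, ALLOWLIST)))
```

Names that legitimately resolve to internal addresses need an exception before the rpz-ip rules are enforced.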