As the holiday season approaches and more and more consumers begin shopping, comparing prices, and researching gifts online, cybercriminal efforts are expected to accelerate. Retailers and others offering connectivity to their customers need to pay particular heed to their wireless access points, which can easily and quickly be exploited by malicious criminals. These threat vectors are especially concerning, not only because of the risk that a compromised access point can pose to customers, but also because they can become a gateway for exploiting your corporate network.
As cybercriminals successfully expand their attack vectors, trying to keep up by expanding your security technologies is a proven losing strategy. Too many devices and protocols can often be just as bad as not having enough security in place. And yet, organizations need to be hyper-vigilant about security or they will forfeit their ability to compete in today’s digital marketplace — especially if they become victims of the increasingly effective and ruthless cybercriminal community.
What the Data Shows
Fortinet’s “Threat Landscape Report Q3 2018” revealed important trends in mobile and IoT threats. Forewarned is forearmed, so these insights will help retailers be prepared for what’s ahead.
Mobile malware was on the move in Q3, with Android variants ranking in the top five of Fortinet’s Weekly Threat Briefs several times. The Agent family in the Android panel sits higher on the volume scale than any other family of malware and for any other platform. And according to the FortiGuard Labs team, that has never happened before.
There was also a decidedly IoT theme to last quarter’s report — more so than any previous quarter. The scale of attacks recorded against IoT and consumer devices is huge. More than 1 billion attacks against routers were reported. DVRs and NVRs suffered more than 10 million attacks in Q3, and exploits against IP cameras, network-attached storage, telephony and printers all numbered in the millions.
Protecting Yourself or Your Organization
As devices multiply, so does the need for stronger security. The total number of company-owned mobile devices in use increased 2.5% from 2017 to 2018. This doesn’t include the expanding volume of personally owned mobile devices connected to networks as a result of the 72% of organizations that have a BYOD-friendly policy.
Because cybercriminals understand that mobile is an easy target for infiltrating a network, security leaders need to ensure they have the appropriate controls in place to protect those devices, especially at their wireless access points. This requires that wireless access points and mobile security services be fully integrated into next-generation firewalls. You can further enhance establishing visibility and controlling access to your network using a third-generation network access control system.
Those who offer omnichannel retail experiences can protect themselves from trending threats ahead of the holiday season with these additional steps:
In addition to remaining vigilant for new threats and vulnerabilities, don’t lose sight of what’s happening within your own environment. Basic cyber hygiene is perhaps the most neglected element of security today. Continually removing unnecessary services, stamping out vulnerabilities through patch and replace strategies, and maintaining good order isn’t the most fun or interesting part of security, but it is critically important nevertheless.
This byline originally appeared in IoT Agenda.
Check out our entry level designation of the Fortinet Network Security Expert (NSE) program. It is intended to provide a basic understanding of the threat landscape facing networks today. Anyone interested to learn about the threat landscape and cybersecurity should take this course for more learning. Also learn more about the Fortinet Network Security Academy available to educators and students or the FortiVets program.