https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • EMEA
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 501 Reports
    • MSPmentor Education
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • Awards
    • Back
    • European Partners 51 (EP 51) Awards
    • Excellence in Digital Services
    • MSP 501 Rankings
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Industry Events
    • Webinars
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • EMEA
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 501 Reports
    • MSPmentor Education
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • Awards
    • Back
    • European Partners 51 (EP 51) Awards
    • Excellence in Digital Services
    • MSP 501 Rankings
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Industry Events
    • Webinars
  • More
    • Back
    • About Us
    • Advertise on Channel Futures
    • Contact Us
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Strategy


Credit Card security

Security Central: Forever Breached

  • Written by Allison Francis
  • January 11, 2018
Forever 21 revealed that hackers breached their payment system several times in 2017, admitting encryption was turned off on some of their POS devices.

We’ve all done it. We’ve slunk into a Forever 21 store in our local mall, rifled through the endless, unorganized stacks of sequin-ed, flimsy clothing hoping to strike retail gold. We’ve rationalized buying that $6 shirt, justifying to ourselves that even if it falls apart tomorrow (which it absolutely will), it’s fine because we didn’t spend that much on it to begin with. Right?

Turns out, it may have cost some folks a lot more than that. The popular clothing retailer disclosed last week that hackers gained access to credit card information of customers who shopped on specific dates between 2004 and 2007.

The company hasn’t revealed the number of customers who had their information swiped (so to speak), but it did say that various point of sales (POS) terminals were affected between April 3 and November 18, 2017. The hackers didn’t mess around, collecting credit card numbers, expiration dates, verification codes and in some occasions, cardholder names.

How did this happen? Unfortunately, there’s a pretty simple answer – the company failed to turn on encryption in some of its POS terminals. Mind-blowing.

“With its endless POS endpoints, the retail industry has always been a desirable target for cybercriminals,” says Mark Cline, a VP at managed security services firm Netsurion. “They know that if they can introduce malware into POS networks, they can make a decent amount of cash by selling credit card numbers on the dark web. With their millions of customers, large retailers, like Forever 21, have typically been the hardest hit.” Yeah, especially if you don’t encrypt your POS systems…

Cline goes on to say that companies must pay up to $172 per stolen record in clean-up costs. A major retailer just paid $18.5 million to address the impact of its 2013 hack, which resulted in 41 million stolen credit cards.

Many companies still think anti-virus software and managed firewalls are enough. Perhaps it was that way years ago, but partners specializing in the retail world know that to properly protect a company from POS malware, ransomware and other threats, retail businesses must run a strong offense with active monitoring and threat detection. They must harden their IT and POS security.

Considering the threat landscape now, retailers need tools and the knowhow to harden their  security stance and protect their infrastructure from POS malware and ransomware. As providers, you can offer a Security Operations Center (SOC), around-the-clock monitoring, evaluation, and response of all security alerts. You can also evaluate the universe of threats retailers face, triage, and escalate resources to deal with critical threats on an ongoing basis.

Here are a few good rules of thumb from Cline to pass along to customers:

  • Run a vulnerability scan, and update all operating system and software upgrades and patches immediately.
  • Set up a next-generation security system. Buy, build, or borrow the resources to stay ahead of threats and stop ransomware in its tracks with:
    • A next-generation firewall that includes rules you configure to control incoming and outgoing traffic. Manage it 24/7 to make it effective.
    • Use a Security Information and Event Management (SIEM) application to analyze all of your data, filtering out the ‘noise’ or false positives that can make it difficult to detect threat patterns and anomalies that indicate early-stage attacks. The SIEM will issue alerts, so that you can take immediate action when warranted.
    • Implement a Managed Detection and Response (MDR) system that will detect incoming and existing malware, whether it is located on a POS system, workstation, or network. Set it to automate immediate, direct remediation, which will help with some threats.

Forever 21 sent notification letters to the customers who were affected and contacted the three major credit reporting bureaus.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Security Strategy Technologies

Related


  • Hired, promoted
    Ingram Micro Promotes Bay as CEO Refocuses
    CEO Alain Monié is dedicating more time to growing Ingram's commerce and life cycle services and cloud business.
  • Cisco Debuts Next Internet Strategy and Innovation
    Cisco Internet for the Future innovation includes critical core technology — silicon, optics and software.
  • Managed Security
    Netsurion-IT Glue Integration Beefs Up MSP Security Management
    Netsurion’s strategy is being the MSSP for MSPs.
  • Someone's bad password posted on a sticky note on a laptop.
    MSP and MSSP Services Checklist
    Attacking password issues head-on provides the maximum return on investment for security.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • KeeperMSP Technical Whitepaper
  • Top Gun 51 Profile: Trustwave’s Suzanne Swanson on Growing Partner Relationships to Build Success
  • OK Boomers, Millennials Are an Increasing Force in IT
  • Slack Reports Strong Enterprise Growth Alongside Office 365 and Teams

Galleries

Images: Channel Evolution Europe Featuring Avant, 8×8, Sophos, CenturyLink, More

December 5, 2019
view all

From the Industry

Tech Providers Need a Marketing Strategy to Drive Growth

December 13, 2019

The Real Cost of a Data Breach

December 13, 2019

How to Prepare for Tomorrow’s Security Threats Today

December 13, 2019
view all

Webinars

From MSP to MSSP: Seizing the Managed Security Opportunity

December 17, 2019

Agents Can Sell Managed Services. Here’s How.

December 17, 2019
view all

White Papers

Why You Should Sell Rackspace Hosted Email

December 13, 2019

Secrets to Sustainable Growth – for MSPs, by MSPs

December 4, 2019

Why Managed Security Presents A Golden Opportunity for MSPs

November 26, 2019
view all

Events

Channel Partners Conference & Expo

March 9, 2020 - March 12, 2020
view all

Videos

FASTCHAT: Why an MSP Needs to Extend Detection and Response Beyond Endpoint Security

October 22, 2019

Ingram Micro: It’s Up to Our MSP Partners to Keep Clients ‘Out of the Headlines’

October 14, 2019

Liongard: Here’s How We ‘Roar’ for the MSP Community

October 14, 2019
view all

Twitter

ChannelFutures

Why You Should Sell Rackspace Hosted Email dlvr.it/RLFVrx https://t.co/xQXUKhD4fk

December 14, 2019
ChannelFutures

Every MSP can benefit from more strategic marketing. @Sherweb dlvr.it/RLDpJx https://t.co/t0qP7gREJ7

December 13, 2019
ChannelFutures

Read how Jeff Van Natter of @TrendMicro is utilizing distributors to reach new partners dlvr.it/RLDZdM https://t.co/UtymAdvfqQ

December 13, 2019
ChannelFutures

Questions about the real cost of a data breach? @ESET dlvr.it/RLDJxC https://t.co/vyj6gnSuIo

December 13, 2019
ChannelFutures

Discover how Tech Data is helping to close the #cybersecurity skills gap. @TechDataSecInf dlvr.it/RLDFBv https://t.co/Q8ZERC7CAv

December 13, 2019
ChannelFutures

Our latest #Cybersecurity Roundup covers CCPA, Pensacola #ransomware attack, @Bitdefender @datto @Netskope… twitter.com/i/web/status/1…

December 13, 2019
ChannelFutures

So you want to sell your partner business? How do you know when? dlvr.it/RLCKv3 https://t.co/rOzWMMmNJ7

December 13, 2019
ChannelFutures

.@Bitdefender today announced the integration of its GravityZone MSP security suite with @datto #RMM.… twitter.com/i/web/status/1…

December 12, 2019

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Cookie Policy
  • Privacy
  • Terms
Copyright ©2019 Informa PLC. Informa Telecoms & Media Limited is a company registered in England and Wales with company number 00991704 whose registered office is 5 Howick Place, London, SW1P 1WG. VAT GB365462636. Informa Telecoms & Media Limited is part of Informa PLC.
✕

channel futures Logo

Want to stay updated? Sign up for our Channel Futures newsletters today.

Websites are now required by law to gain your consent before applying cookies. We use cookies to improve your browsing experience. Parts of the website may not work as expected without them. By closing or ignoring this message, you are consenting to our use of cookies.
X