LP Magazine

JUL-AUG 2014

LP magazine publishes articles for loss prevention, asset protection, and retail professionals covering shrinkage, investigations, shoplifting, internal theft, fraud, technology, best practices, and career development.

Issue link: http://digital.lpportal.com/i/352439

Page 42 of 68

DEALING WITH DATA BREACHES

capable of sharing very specific threat information that will allow them to better protect their needs.

KNISLEY: Rich, in the context of these worries about the digital space and bad actors getting into our network from outside, how does the in-person threat in physical stores concern you?

NOGUERA: Network segmentation, hardening of the devices, testing thoroughly—both in-store testing and external store testing—all this is essential. But, as always, the first line of defense is in-store associates, and the training and understanding and responsibilities necessary to protect those assets. Especially when you add in additional capabilities at POS, it becomes even more critical. So, the in-store associate is our best defense here.

KNISLEY: Rich has worked for some of Silicon Valley's biggest companies, so he has deep experience in the high-tech world. What challenges are you facing in retail that are unique to retail, those that you didn't see elsewhere?

NOGUERA: That's a good question. When attacking a retail network, it's typically a smash-and-grab approach. The goal of an attacker is to get in there as quickly as possible, grab as many credit cards as possible, and get out. The methods of entry and methods of attack are the same whether it's crime-motivated, a nation-state-type motivation, or a larger coordinated type of event. Coming from high tech, we were always at the leading edge of applying the latest and greatest technology to get as predictive as possible. So, one of our primary challenges in retail is how do we accelerate that game?

KNISLEY: Shawn, you work with companies in every industry. When you're working with retailers, what are the nuances or differences that you see compared to a high tech or energy company?

HENRY: When we're talking about protecting the network, I don't think that there really are major differences. There are some differences within the architecture and infrastructure—POS devices, for example. But the reality is that the techniques and the capabilities that retailers need to employ to prevent and detect these types of attacks are essentially the same. In IT, for years we've been practicing defense-in-depth. We do it in the physical world as well, of course. But in the information world, it's about firewalls, intrusion-detection systems, two-factor authentication, and encryption. You layer your defenses so that you can be more resilient. But the reality of it is, in the IT space, the most sophisticated adversaries will get into the network one way or another. Maybe that sounds defeatist, but let me illustrate. We've worked with organizations that have 100,000 network endpoints. Imagine in a brick-and-mortar store trying to protect a building with 100,000 doors. Every one of those endpoints is a potential ingress into the network. They're going to get in. While the old paradigm in information security used to be preventing an attack, the reality of it is that now we can't do that. We have to assume that an adversary is going to be there. The new

(continued on page 44)
