Americas, Breach, Content, Malware

Sears Kmart Hack: How About Retail Managed Security Services?

Sears Holdings has confirmed another hack over at Kmart, though the company declined to disclose how many of Kmart's 735 locations were hit, according to KrebsOnSecurity. It's unclear if or how Kmart leverages third-party managed security services, but this latest hack puts the spotlight on MSSP cybersecurity opportunities in the retail sector.

Like so many recent retail hacks, the latest Kmart breach involved malware on in-story payment systems. The malware was "undetectable" by Kmarts' current antivirus systems and application controls. the report said. Moreover, the malware has since triggered unauthorized credit card activity. Sears had a similar breach back in 2014.

News about the latest Kmart hack comes one week after Chipotle Mexican Grill shared more details about big malware incident that occurred in late March to mid-April 2017. Yes, that incident also involved point of sale (POS) retail systems.

EMV Smart Chips Provide Some Protection

Apparently, the Kmart breach could have been worse. However, all Kmart stores now have EMV “Chip and Pin” technology enabled. That reality helped to limit the breach, according to a Kmart statement.

EMV payment terminals contain next-generation security technologies. But many retailers missed the initial EMV deployment deadline of October 1, 2015. by mid-2016, many technology companies suffered weakness in their POS businesses because of the complex EMV deployments and delayed contracts related to the technology.

Although more than 70% of cards were EMV chip-enabled by December 2016, only 7% of card-present transactions used EMV technology in the U.S. in 2016, according to EMVCo, a MarketWatch report says.

Outsource Retail, Point of Sale Security to MSSPs?

While MSSPs serve all types of markets, the retail security segment ranks among the top 10 industry opportunities for MSSPs, according to SecureWorks.

True believers in the opportunity include Interface Security Systems, which offers retailers multiple managed security services. The lineup typically includes Wide-area Network Management, PCI Compliance via Cisco IPS/IDS and Rogue Wireless Management, IP Alarm System Monitoring, Managed IP Video Surveillance, and Interface Digital Voice.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.