Security has always been, and always will be, our number one priority.
Everything we do is based on trust. That’s why it’s absolutely vital that we do everything within our power (and educate you, our customers, on what you need to do) to keep our systems and software secure.
At this moment in time, software security is firmly in the international news after hackers infiltrated a Florida-based information technology firm and deployed a ransomware attack, seizing troves of data and demanding $70m in payment for its return.
The attack on Kaseya has been labelled the biggest ransomware attack of its kind and has affected hundreds of thousands of businesses - from supermarkets like Coop in Sweden through to schools in New Zealand. Retailers have been among the hardest hit, as some POS providers use Kaseya for remote management as part of the overall customer solution in non-SaaS setups where the POS is hosted on-premises.
As cybersecurity teams scramble to regain control of the data, concerned businesses - especially retailers - have been asking how something like this could happen, whether they are protected and what can be done to prevent them from becoming victims of a similar attack.
Our customers have reached out to us with their own questions, which we’ve answered below:
Are we affected by what happened to Kaseya?
The answer to this is a simple no, since Sitoo has no connection to Kaseya, which was the target of the attack.
Could this happen to Sitoo?
As we’ve seen this week, when it comes to security, nothing is impossible and no system in the world is ever going to be 100% secure from an attack.
However, Sitoo uses the Apple App Store for the distribution of the client app. A similar attack would require the App Store to be compromised - something we feel is incredibly unlikely. Apps are also digitally signed by each developer (Sitoo for Sitoo POS) and then each version is approved by Apple, who automatically (and sometimes manually) test the apps. iOS is based on Unix (BSD), which provides good isolation between apps, and between apps and the kernel. Kernel updates are done by Apple only, which significantly reduces the risk of any data breaches.
How does Sitoo protect itself against similar attacks and how can we protect ourselves?
Sitoo relies on Apple and Google for app distribution and on AWS for the backend. There are no dependencies on other services for the core platform. Many components are used in the Sitoo Platform, but they are always part of our platform or hosted by us.
For the Back Office we highly recommend using MFA (multi-factor authentication) for logins. Combining a password (something you know) with a device (something you own/possess) makes unauthorized logins far more difficult.
Furthermore, APIs for server-to-server communication can have IP filtering enabled to only allow access from known IP addresses.
Obviously, every business is different and you will all have your own IT infrastructure. That’s why we also stress the importance of best practice and making sure all your systems and software are kept up to date. Again, this plays a big role in mitigating the risk of a potential attack.
Do you have a backup that is protected from the rest of the environment that can be used in a similar scenario and could we be back up and running quickly in the event of an attack?
In the event of a disruption like the one discussed here, the most important operational priority is to still be able to serve customers in the store and fulfil the customer promise. This can, for instance, be handled via Sitoo's offline mode and the possibility of having several different payment methods, such as Swish and Klarna, and putting payment terminals in offline mode for a period of time.
In a well-integrated online to offline (O2O) business, web orders with click / pick and collect are also offered as an option directly in the store. This ability greatly reduces the risk of having to deny customers the service they expect and losing their short and long term business.
Furthermore, the infrastructure is defined as code, which makes it possible to restore the entire platform within a few hours. Backups are point-in-time covering 3 days, with a database snapshot taken every day and stored for 9 days.
Finally, alerts and monitoring are in place for all components, with alerting thresholds where appropriate. There is a 24x7x365 response centre available to customers to report incidents.
If you have any further questions you need answering, please don’t hesitate to contact our team.