Security breaches in the retail sector are a common occurrence due to the large amount of credit card information available to hackers accessing unprotected systems and networks. Developed in 1996 — but just now being implemented — EMV, chip and sign technology is starting to help retailers reduce their reliance of valuable credit card data. However, how often do we walk into a store to make a purchase just to feel silly because we don’t know if the chip reader is enabled or not?
In the past few years we saw large retail breaches with incidents at Target, Neiman Marcus, and The Home Depot. However, retail breaches are not new and large national chain retail breaches have been around since 2006 with the announcement of TJX Companies losing millions of credit cards. Can you believe that was 10 years ago? Moreover, what have we learned since?
Retail breaches will continue in 2016 and beyond as retailers are still in denial they will ever be a focus of an attack or of the overall risks to their business even as PCI-DSS standards improve. Being annually compliant does not necessarily mean being always secure. Even worse is if a retailer accepts the risk with only minimal investment and no strategic vision into the needed infrastructure and services required to really protect their customers. Despite what breaches may still be occurring in the retail sector, it is a lagging indicator of what is actually happening overall.
With all these large BREACHES occurring, there has been a significant devaluation of data that has caused cybercriminals to create new revenue streams and seek new types of organizations to prey on. Since the credit card industry has had 10 years to improve their fraud detection systems, the resulting process of canceling and reissuing new cards to consumers is very quick, shortening the life of credit card data and causing the stolen information to be worth much less to criminals.
What kind of data is better and more valuable than credit cards? Your data, of course!
Firewalls and simple anti-virus software are not enough anymore; deep visibility across all levels of the IT environment, continuous monitoring by expert security resources of user activities, and leveraging of valuable threat intelligence information will enable an organization to better understand what’s going on in the IT infrastructure and proactively address security risks before they become bigger problems.
Anti-virus catching a virus is good, but only about 20 percent effective (that’s being generous). More importantly is understanding how that virus got to the users computer in the first place and, further to the core, an understanding of the root cause and overall security posture of a client’s IT environment then rolling that knowledge back into needed systems and services.
Unfortunately, even the most advanced security methods don’t guarantee full protection. Therefore, expert ongoing managed security services designed to actively monitor and respond to cyber threats are the best way to be vigilant and reduce the likelihood of data theft.