News

Hometown is where Sears sees sales growth

BY CSA STAFF

It’s been a while since Sears and the phrase "same store sales increase" were used in the same sentence, but that changed Thursday morning when the recently spun-off hometown and outlet division produced a 3.1% third quarter increase.

Sears Hometown and Outlet Stores said sales for its third quarter, ended October 27, increased 3.3% to $557 million, driven almost entirely by the 3.1% comp increase and to a lesser extent by a net increase of nine stores that grew the total store count to 1,111 units. Profits increased 29% to $8.8 million, or 29 cents a share.

Sears Hometown and Outlet Stores became a separate publicly traded company during the third quarter following its separation from parent company Sears Holdings. The company is led by president and CEO Bruce Johnson, who shared insights on performance by category.

"The company saw double-digit percentage increases in total sales of appliances, mattresses and apparel," Johnson said. "Multi-channel sales (online, store-to-home, web-to-store and mobile) increased by 28%. Sales of power lawn and garden and consumer electronics declined. The decline of more than 30% in consumer electronics sales is consistent with our strategy to de-emphasize this low-margin business in favor of the aforementioned categories."

Johnson said the company was pleased with the performance because the third quarter is typically the weakest due to the seasonality of merchandise categories offered.

The company’s store base consists of 941 Sears Hometown stores that are primarily independently owned stores in smaller communities, 90 Sears Hardware stores and 80 Sears Home Appliance outlet stores.


Johnson & Johnson elects new chair as Weldon retires

BY CSA STAFF

NEW BRUNSWICK, N.J. — Johnson & Johnson has elected Alex Gorsky as the new chairman of its board of directors, effective December 28. Gorsky, who was appointed CEO in April of this year, replaces current chairman Bill Weldon, who was with the company for 41 years.

"I am truly honored to succeed Bill Weldon as chairman of Johnson & Johnson," said Gorsky. "Bill’s leadership and contributions to Johnson & Johnson over a 41-year career leave us well-positioned to continue addressing the world’s most prevalent diseases and unmet needs in health care. Our financial strength, global reach, and innovations that help people live longer, healthier lives are a proud legacy for Bill and a strong foundation for the future of Johnson & Johnson."

"Serving as chairman and CEO of Johnson & Johnson has been a privilege, and I am confident in Alex’s ability to lead the people of Johnson & Johnson to even greater achievements," said Weldon, who plans to retire in the first quarter of 2013, after a brief transitional period. "I would like to thank the people of Johnson & Johnson for all their commitment and dedication to the patients and customers they serve. They bring to life the hope and promise of better treatments, cures, health and well-being for those who use our products. It has been an honor to work with them."

"The board gave thoughtful and rigorous consideration to our governance structure and determined that combining the chairman and CEO positions under the strong leadership of Alex Gorsky will benefit all our stakeholders," said presiding director James Cullen.

The board also indicated that it will enhance its governance structure by expanding the duties and responsibilities of the independent presiding director to include more involvement in stakeholder communications, board and executive performance evaluations, agenda-setting and succession planning. The duties and responsibilities of this position, which will carry the title of lead director, will be detailed in the company’s 2013 proxy statement.


Continuous Monitoring is Important During Holiday Time

BY CSA STAFF

By Marcus Ranum, [email protected]

Security practitioners have plenty of opportunity to be extra-glum during holiday season: it’s the time of year when a breach can have maximum impact – avoiding downtime and disruption is critical, and your systems are going to be processing more credit cards than at any other time of the year.

Let’s not dwell on that, because unless you’ve been living under a rock for the last decade, you will have seen plenty of examples of what can go wrong. A better way to think of it is that the holidays are a particularly good opportunity to show how good your systems awareness has become. You’re going to be potentially dealing with unusual and interesting loads, and anything that can be done to increase your awareness of systems behavior improves your chance of being able to quickly diagnose and repair any problem. It’s not just a security problem, either, though other system problems can sometimes manifest as what appear to be attacks in progress.

In 2002, I was involved in a full-on incident response for a major web e-tailer that had a series of mysterious server/database hangs during the busiest shopping day of the year. It took a tremendous amount of hard work from a team of security geeks to determine that an obscure bug was causing the site’s shopping cart allocator to fail because of a hard-coded limit. Admittedly, there’s no security tool that would proactively detect something like that, but signs that the system was suffering performance degradation at a certain load-level were clear. Unfortunately, nobody was looking.

‘Tis the season to look for anomalies and – from a security standpoint – that means continuous monitoring of your critical assets. First off, it’s good to establish a baseline of how the system behaves under normal load, thereby eventually establishing an approximate idea of what “normal” looks like. That trains your eye to detect abnormal loads or events. If you know, for example, that your site typically has 12,000 active shopping carts at a time and that your customer base tends to be U.S./Canada, you’ll know instantly that something interesting is happening if you suddenly see 30,000 active shopping carts and that 10,000 of them are from Eastern Europe. The point is that if you aren’t continually monitoring your system you don’t know what “normal” looks like – you’re left with “appears to work OK” and “does not work.” Those states don’t convey enough information for holiday operations.
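The baseline idea above, as an added Python example that is not part of the original article: it learns "normal" for total active carts and for each region's share of them, then scores a new observation against that. The sample history, the region labels, the 3-sigma limit and the one-percentage-point floor are all assumptions made for the illustration.

```python
from statistics import mean, stdev

# Constructed hourly samples of (active carts, carts per region); not real data.
HISTORY = [
    (11800, {"US": 9900, "CA": 1700, "EU-East": 200}),
    (12100, {"US": 10200, "CA": 1750, "EU-East": 150}),
    (12400, {"US": 10400, "CA": 1800, "EU-East": 200}),
    (11900, {"US": 10000, "CA": 1720, "EU-East": 180}),
    (12050, {"US": 10150, "CA": 1730, "EU-East": 170}),
]

def build_baseline(history):
    """Mean and sample standard deviation of total carts and of each region's share."""
    totals = [total for total, _ in history]
    regions = {region for _, mix in history for region in mix}
    shares = {}
    for region in regions:
        series = [mix.get(region, 0) / total for total, mix in history]
        shares[region] = (mean(series), stdev(series))
    return {"total": (mean(totals), stdev(totals)), "shares": shares}

def deviations(baseline, total, mix, z_limit=3.0, share_floor=0.01):
    """Return {metric: z-score} for metrics more than z_limit deviations from normal.

    share_floor (assumed: one percentage point) stops a very stable or
    never-before-seen region from being divided by a near-zero deviation.
    """
    found = {}
    mu, sigma = baseline["total"]
    z = (total - mu) / max(sigma, 1.0)
    if abs(z) > z_limit:
        found["total"] = round(z, 1)
    for region, count in mix.items():
        mu, sigma = baseline["shares"].get(region, (0.0, 0.0))
        share = count / total if total else 0.0
        z = (share - mu) / max(sigma, share_floor)
        if abs(z) > z_limit:
            found["share:" + region] = round(z, 1)
    return found

BASELINE = build_baseline(HISTORY)
# The article's scenario: 30,000 active carts, 10,000 of them from Eastern Europe.
SURGE = deviations(BASELINE, 30000, {"US": 17000, "CA": 3000, "EU-East": 10000})
QUIET = deviations(BASELINE, 12200, {"US": 10250, "CA": 1760, "EU-East": 190})

if __name__ == "__main__":
    print("surge:", SURGE)
    print("quiet:", QUIET)
```

A region that never appeared in the history is scored against a baseline share of zero, so it is flagged as soon as it exceeds a few percent of traffic.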

Most of us have gotten the message regarding configuration and patch management around the holidays: make sure it works and don’t mess with it, and have emergency plans if you need to add additional capacity. Unfortunately, attackers might have different plans; you still need to be keeping an ear to the ground regarding system vulnerabilities. In the old days you had to closely monitor the security mailing lists, and have a good idea which pieces of critical software you had exposed in case someone published an ill-timed proof of concept exploit against something on your site.

Nowadays, fortunately, that kind of vulnerability management can be automated – tools can coordinate identifying what flaws there might be in your software as it’s installed, and can quickly flag any new vulnerabilities as soon as they’re published. Depending on how complex and heterogeneous your network/applications mix happens to be, that can be a huge time-savings as it amounts to getting a prioritized punch-list that you can fix (and track to closure) instead of having to manage your own vulnerability research and assessment process. Automation of your work-flow and prioritization process is the key to keeping things from slipping through the cracks.

Just today I was in a meeting with the CSO of a large bank who said something that floored me: “Until recently, I didn’t think system log/analysis was particularly useful, since it was backward-looking and I wanted our security practice to be proactive.” Well, I’m glad that he’d come to his senses finally, because system log collection (and analysis) is critical to establishing your baseline of “normal” behavior, which allows you to get proactive when things begin deviating from your expectations. For retailers, however, the value of the backward-looking component is also very high. In the event that you have an incident, being able to figure out what happened is going to frequently depend on your ability to analyze your system logs and determine:

  • Duration of a break-in;
  • Actions taken by the attacker;
  • Customer data that was exfiltrated (if any); and
  • Customer data that was present on compromised systems during the time they were compromised.

If you are under any kind of regulation (i.e., you handle credit cards, customer information, transactional data including home addresses) for breach notification, the data collected by your continuous monitoring may save you very large amounts of money. One of my acquaintances in the industry has been able to document $3m+/year savings on breach notification/remedies alone, simply by using the data his team collects as part of their monitoring effort to reduce (generally eliminate, in fact) the need for breach notifications to customers. In my friend’s company, he manages a vast point-of-sale network, and he maintains netflow traces of traffic within branch networks and between the branches and central office.

In the event that a point-of-sale terminal at one of the branches is compromised, they can look back through the system execution and firewall audit logs to determine when and how the breach occurred, then retrieve all the flows from the system within that time and conclusively argue whether or not the attack was able to successfully spread horizontally or reach any customer data on the servers at the central office. Having that level of data at your fingertips is a normal byproduct of a continuous monitoring program – you want to collect and retain defensible data regarding past events, while establishing that baseline of normalcy that you can search for deviations from.
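The look-back described above, as an added Python example that is not from the article or from the company it mentions: given a compromise window taken from the host and firewall logs, it pulls every flow the terminal originated in that window and sorts it by destination. The addresses, subnets, expected payment gateway and flow records are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

BRANCH_NET = ip_network("10.20.30.0/24")   # assumed branch LAN
CENTRAL_NET = ip_network("10.1.0.0/16")    # assumed central-office servers
EXPECTED = {("10.1.5.10", 443)}            # assumed gateway the terminal normally talks to

# Constructed flow records: start time, source, destination, dest port, bytes.
FLOWS = [
    ("2012-11-23T09:58:00", "10.20.30.15", "10.1.5.10", 443, 5200),    # before window
    ("2012-11-23T10:07:00", "10.20.30.15", "10.1.5.10", 443, 4800),
    ("2012-11-23T10:12:00", "10.20.30.15", "10.20.30.22", 445, 900),
    ("2012-11-23T10:20:00", "10.20.30.15", "10.1.8.40", 1433, 120),
    ("2012-11-23T10:31:00", "10.20.30.15", "198.51.100.7", 80, 64000),
    ("2012-11-23T10:40:00", "10.20.30.22", "10.1.5.10", 443, 5100),    # different host
    ("2012-11-23T11:30:00", "10.20.30.15", "10.20.30.23", 445, 700),   # after window
]

def scope_flows(flows, host, start, end):
    """Bucket the flows that host originated between start and end by destination."""
    scope = {"expected": [], "lateral": [], "central": [], "external": []}
    for ts, src, dst, dport, nbytes in flows:
        when = datetime.fromisoformat(ts)
        if src != host or not (start <= when <= end):
            continue
        addr = ip_address(dst)
        if (dst, dport) in EXPECTED:
            bucket = "expected"    # normal business traffic, still recorded
        elif addr in BRANCH_NET:
            bucket = "lateral"     # another machine in the same branch
        elif addr in CENTRAL_NET:
            bucket = "central"     # a central-office server outside the allowlist
        else:
            bucket = "external"    # anything leaving the company networks
        scope[bucket].append((ts, dst, dport, nbytes))
    return scope

# Window as it would be read from the execution and firewall audit logs (constructed).
SCOPE = scope_flows(FLOWS, "10.20.30.15",
                    datetime(2012, 11, 23, 10, 0), datetime(2012, 11, 23, 11, 0))

if __name__ == "__main__":
    for bucket, rows in SCOPE.items():
        print(bucket, rows)
```

Empty "lateral" and "central" buckets over the whole window are the kind of retained evidence the paragraph refers to; non-empty ones name the next systems to examine.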

It’s a bit Grinch-like to be reminding people that systems/network security is especially important during the holidays. But, perhaps, you can use the oncoming holidays as an opportunity to assess whether your processes are all they need to be. A good assessment should cover:

  • Are we logging enough? Do we keep the logs that we need in order to determine what happened in a breach? Consider network, web server, firewall, and application logs.
  • Are our incident response procedures in place and understood by all the critical responders?
  • Are our backup and business resumption processes functioning and effective? How long would it take to get our key servers back online if we suffered a destructive attack?
  • How long does it take for us to identify a vulnerability in critical software, assess its impact to our operations, and react/patch/upgrade an affected system?
  • Do we have the contacts and support that we may need in the event that we have to go into a full-blown incident response that is outside of our capacity to handle in-house?

Even if you don’t have the time or the staff depth to run an incident response drill, you can learn a lot by asking the questions above, and considering your posture. In today’s “get more done with less” environment it’s a truism that no systems administration/network management/security team has all the resources that they want. The trick is figuring out if you can make do with what you’ve got.

Marcus Ranum is CSO of Tenable Network Security, which provides vulnerability and compliance management solutions to over 15,000 customers worldwide. He can be reached at [email protected].


COMMENTS

R.Lovely says:
Dec-02-2012 10:15 am

You can choose which images you desire to use in your salutation wallpapers and modify them to be totally original. If you have your possess blog or website merry christmas images and animated christmas screensavers, you know how to also upload the clip art images to beautify your page for the holiday season. happy new year images
