Six Steps to Boost Data Security Protection
By Jon May, Nuspire Networks
The year 2013 was a wake-up call for retailers with regards to national data breaches, with frequency jumping 62% from 2012 to 2013. Eight chart-topping breaches exposed information totaling just over 10 million people last year, as opposed to one single breach of that size the year before.
Statistics show the fall-out from a breach extend far beyond financial repercussions, (plan for $11k per affected customer per breach). Here are the scary statistics:
• The 2014 Identity Fraud Study reported an increase of more than 500,000 fraud victims to 13.1 million people in 2013, the second highest number since the study began.1
• The average cost of a data breach per global organization this year is $3.5 million, up 15% from 2013.2
• Ever consider the effect breaches have on brand reputation? Along with a tarnished company name, there are vast financial implications that go along with these occurrences including decreased sales, millions spent on investigation and customer notification. So far in 2014, virtually all consumers (94%) worry about retail data breaches.
Customers hold retailers responsible (61%) about as much as they do the cybercriminals (79%). One-third claim they no longer shop at a specific retailer due to a past data breach issue.3
• Shareholder valuations suffer after a breach – and for a long time. An analysis of 13 companies with a large data breach found they each registered a sustained drop in their average daily stock price, and their valuation hadn’t rebounded six months after the breach.4
• Regulators take notice after a breach; so do lawmakers, attorneys general and others who can make life miserable for breached retailers.
Security takes no vacation. Trending evidence shows retail chains possess some traits that can attract cybercrooks. Notoriously money-conscious, retailers traditionally don’t spend all that much on IT security or planning, making them an easy target. Since point-of-sale stations historically functioned as dial-up systems, chains saw little value investing money into POS networks.
Currently, U.S. stores spend only roughly 2% of their tech budgets on security, with the bulk going to improving their e-commerce, according to IDC Retail Insights.
Retail chains can also be unenthusiastic about security around equipment, whether it’s IT hardware, employee laptops or mobile phones, or data that third-party vendors and others possess. A standardized network landscape has become uncommon in the retail sector. It’s critical to conduct real-time event monitoring, threat analysis and constant testing for preservation of customer data along with brand reputability; in-house security professionals don’t always possess all those capabilities, time or resources to take on such a responsibility.
Here are six steps that retailers can take to beef up their security and protection immediately:
1. Establish an uncompromising security approach. An aggressive, proactive security strategy is critical today. This posture must come from the CEO on down, it’s no longer just an IT matter. And it must apply to all aspects of security – from authentication and password protection to wired and wireless networks.
2. Assess the threat landscape. Examine security capabilities not just at headquarters but at each store and warehouse location wherever sensitive company information is available – including all wireless devices used by employees. Don’t forget the retail chain information that third-party vendors and others maintain, such as HVAC with the Target breach.
3. Take an audit. Analyze your IT and POS networks across all locations. Develop policies and practices for locking down networks and master the security that’s in place. Don’t rely on a piece of software. Analysts must examine and assess payment card and other data to detect patterns and irregularities to fine-tune the security process. This practice will never end.
4. Protect all avenues of attack. Limit unmonitored physical access to POS terminals. Train employees on how to spot compromised PIN pads and common scams crooks use to gain access to a POS device.
5. Consider outsourcing security. Chain stores have so many security issues to monitor, analyze and navigate. A managed security service provider may be the answer. MSSPs employ experts who understand each part of a network and possess advanced experience in threat detection and response. Often, they also own the latest “rogue device” scanning tools that continuously look for subtle shifts in network patterns and are able to quickly alert the retailer. In-house security professionals typically don’t possess such a complete understanding of all elements of protection.
6. Test, test, test. Employ a qualified cyber security contractor with POS system experience to try to penetrate your corporate and POS networks – more often than annually.
For all retailers, there’s no such thing as a perfectly safe network. Resourceful cybercriminals with increasingly sophisticated tech tools of their own as well as their steady persistence will constantly seek out vulnerabilities to exploit. But an aggressive, proactive stance minimizes a chain’s exposure. And that’s essential these days.
Jon May is program management department manager at Nuspire Networks, a state-of-the-science managed security service provider.
 Javelin Strategy & Research
 Ponemon Institute annual study for IBM, issued May 2014.
 Brunswick Group study, “Main Street vs. Wall Street: Who is to Blame for Data Breaches?”, June 2014.
 Brunswick Group study.
Target on board with Apple Pay
Target is integrating with the new Apple Pay mobile payments service so shoppers can pay using the Target app from iOS.
“We know mobile is becoming the front door to Target, and we’re focused on creating the best possible mobile experiences for our guests,” stated Jason Goldberger, SVP of Target.com and mobile, in the company’s “A Bullseye View” newsletter. “We’re thrilled to support Apple Pay to streamline how our guests pay in the Target app — this absolutely makes purchasing from Target’s mobile app easier than ever.”
The new Apple Pay is a mobile payments service that will provide an easy way to make purchases from iPhone 6 or iPhone 6 Plus. Shoppers using the Target app from iOS can make purchases with one touch using Touch ID.
Apple Pay will be available in the Target iPhone app in October with a free update to iOS 8, the retailer stated.
Accenture: Big Data critical to retail
New York – Almost all retailers consider Big Data to be important, according to a new survey from Accenture Analytics. When asked how important is Big Data to their organization, 94% of retail executives answered “important,” 58% responded “extremely important,” and 36% responded “important.”
About seven-in-10 (68%) respondents in the “Big Success with Big Data ” study said that the impetus for big data in their organization is to maintain competitiveness, and 82% of retail executives surveyed said that they agree that big data is changing the way they interact and relate to their customers.
For retail executives, the top three reasons for using big data are analyzing customer behavior (56%), bringing together different data sources (49%) and improving personalization (48%). The top functions in which retail executives are using big data are marketing (63%) and IT (42%) And 68% of retail executives are using (not just collecting) customer online purchasing data
When asked where they think Big Data will have the biggest impact on their organization in the next five years, retail executives responded with their top three as: impacting customer relationships (62%), changing the way they organize operations (56%) and redefining product development (53%) When asked to what extent they are using Big Data for new sources of revenue, 55% of retail executives said they are using it extensively
In addition, 48% of retail executives surveyed said they’re using Big Data extensively for customer retention and future acquisition, and 53% said they’re using it extensively for the customer experience.
The top three challenges to implementing Big Data in a company for retail executives are:
- Security (43%)
- Budget (46%)
- Lack of talent to implement Big Data (31%)