We know that Cybercriminals 'follow the money' and constantly target industries and individuals who can provide them with the most valuable data and information they can utilise to make money. Generating revenue from their nefarious criminal activities is the name of the game for these highly organised and well-resourced criminal gangs.
On several occasions last year, US retailers in particular appear to have been targeted for attack with a number of high profile companies being shown to have been hacked, with credit card details, customer data and other sensitive information being taken - often over a prolonged period of time.
But this is just the tip of the iceberg as we know that since the motivation of cybercriminals is profit not fame, they have moved away from more obvious and high profile attacks, and instead are opting for stealthy attacks which extract the maximum amount of data and profit while attempting not to give away the fact they have got into the network in the first place.
Indeed the growing targeting of shops and other retailers was further highlighted when just last week researchers revealing a new threat to retailers in the form of malware which is targeting Point of Sale (PoS) systems. Christened PoSeidon, for its targeting of PoS systems, the malware infects machines and scrapes memory for credit card information which can be extracted and sold on in the dark economy.
So what can we as customers of shops and other outlets, do to ensure the shops we visit either in person or online protect our information and we can give them our credit cards details without fear they will be sold on to the criminal underworld?
The simple answer is unfortunately we can not do very much. We are reliant on the retailer taking adequate steps to protect against threats, in exactly the same way as we have to trust to our governments, employers and banks that they too protect our personal data.
The good news is that enterprises and government are doing their best to protect against attacks of this nature. The fact is that organisations that suffer cyber-attacks or hacks usually see not only an impact in their share price, but also in customer numbers. After all, in such an ultra-competitive business landscape, a customer has many options who to do business with and the loss of trust can have a damaging effect that can take months or even years to repair.
Similarly, a government agency that is unable to protect citizen's data is likely to be viewed with some concern by people and is less likely to be trusted with more information.
Loss of trust, though, goes far beyond the cost of lost orders and visitors; many studies have concluded that businesses that suffer a significant data breach or hack experience record drops in innovation and staff numbers as a result.
Put yourselves in the shies of the retailers themselves. Weighed against this loss of trust if hacked, we know that it is no longer a question of if they get attacked, but when. So given this sense of inevitability they will be compromised, what does it mean for the customers' trust and ultimately the retailers' company bottom-line? I don't believe so if enterprises are organised and sensible about the steps they take.
First of all it is critical that security teams recognize and acknowledge the new security reality. Rather than burying their heads in the sand and hoping against hope that it never happens, they need to recognize it is very likely to happen and then act accordingly. By assuming you will be compromised and putting yourselves in the role of the attacker and what they see, you can start to review your security in a different light and plan accordingly.
With a deeper understanding of the methodical approach that attackers use to execute their missions, you can identify ways to strengthen defenses and be able to respond quickly to limit the damage when it does happen.
Defenders must use these very same capabilities as the attackers to better protect against attacks; this includes having visibility across their IT environment including PoS, mobile devices, virtual environments etc. Second they need automation to take some of the work away from the hard-pressed internal teams. By taking advantage of technologies that combine contextual awareness with automation to optimize defenses and resolve security events more quickly. Thirdly Intelligence is key. In an age when hackers are conducting extensive reconnaissance before launching attacks, security intelligence is critical to defeat attacks. By continuously tracking and storing information about unknown and suspicious files across a widespread community and applying big data analytics to identify, understand, and stop the latest threats, businesses can even turn back the clock and retrospectively deal with files and applications which were let through but subsequently were revealed to be malicious.
Critical in maintaining the trust of customers is not only to make it harder for attacks to succeed, but also to have the visibility across the network so that retailers see when something unusual or unexpected happens and quickly. After all research shows that often cyber criminals remain undetected for months or even years once they successfully get in, so finding them quickly and seeing what they have been doing and what applications and databases they have been compromising is the secret to stopping lasting damage. If the defenders can detect compromise more quickly and effectively, and minimizing damage, they can then focus on the process of informing their customers/consumers that they have identified a problem, and minimized its impact. That way they can begin to rebuild trust.