Why do retailers face persistent security threats and how should they address the problem… especially over the holidays?
The holiday season is upon us, which means that millions of Americans are about to spend a boatload of money buying gifts online. Unfortunately, it also means hackers are ready to mobilize. E-commerce is no stranger to the risks posed by hackers and an increasingly dangerous threat landscape. In 2014, nearly 80 percent of records stolen by hackers were . It’s critical for retail stores to adjust their detection and security strategies to avoid falling victim.
It’s all about the money and third-party threats
Hackers target the retail industry simply because the data they can steal is supremely valuable. The ability to hijack thousands of records, full of credit card numbers and login information, and instantly share and sell it on poorly regulated websites, such as Pastebin.com, means hackers profit quickly. Retailers’ networks store data from every transaction, loyalty and membership program, and more. Hackers will always pursue personally identifiable information (PII) from which they can profit.
Some retailers opt to outsource the management of customer data to third parties. Point-of-sale systems and mobile optimization proxies needed to compete in the digital economy are also managed externally. This gives hackers even more opportunities to target retail companies and their customers’ PII. Even as payment card industry regulations demand network segmentation for greater security, compromised credentials allow hackers to access customer data without setting off any alarms.
Detecting threats faster and learning on the fly
Whether a hacker gains access to customer data with an attack or by stealing login credentials, they can do substantial damage. in 2013 used stolen credentials. Hackers love this method because it gives them unfettered access to a network and all of the data the compromised credentials are authorized to see. It’s time for retailers to adopt solutions and technology that cut down on time to detection and help security teams – and technology – learn. User behavior analytics (UBA) expedites detection with algorithms and machine learning that get smarter and stronger over time. UBA tools study user behavior to identify anomalous activity likely associated with some kind of data breach. When the software spots activity that is vastly different from a user’s typical actions, it can alert administrators to the possible intrusion. UBA solutions can trace the behavior of compromised accounts, security alerts and user characteristics to spot problems and solve them more quickly.
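The per-user baselining described above, sketched as an added example that is not code from this article or from any UBA product. The account names, hosts and record counts are constructed, and the median/MAD robust z-score with a threshold of 6 is an assumption chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (day, account, source_host, customer_records_read)
HISTORY = [
    ("d1", "pos_vendor_svc", "pos-gw-01", 110),
    ("d2", "pos_vendor_svc", "pos-gw-01", 95),
    ("d3", "pos_vendor_svc", "pos-gw-01", 120),
    ("d4", "pos_vendor_svc", "pos-gw-01", 105),
    ("d5", "pos_vendor_svc", "pos-gw-01", 100),
    ("d6", "pos_vendor_svc", "pos-gw-01", 115),
    ("d7", "pos_vendor_svc", "pos-gw-01", 98),
]

def build_baseline(events):
    """Collect each account's daily read counts and the hosts it has used."""
    reads, hosts = defaultdict(list), defaultdict(set)
    for _day, user, host, count in events:
        reads[user].append(count)
        hosts[user].add(host)
    return reads, hosts

def score(event, reads, hosts, threshold=6.0, min_days=5):
    """Return the reasons an event deviates from the account's own history."""
    _day, user, host, count = event
    history = reads.get(user, [])
    if len(history) < min_days:
        # Too little history to judge: surface it instead of passing silently.
        return ["insufficient baseline"]
    med = median(history)
    # Median absolute deviation: unlike a mean/stddev, one earlier outlier
    # cannot inflate it and hide a later spike.
    mad = median(abs(x - med) for x in history) or 1.0
    z = 0.6745 * (count - med) / mad
    reasons = []
    if z > threshold:
        reasons.append(f"volume z={z:.1f}")
    if host not in hosts[user]:
        reasons.append(f"new host {host}")
    return reasons

if __name__ == "__main__":
    reads, hosts = build_baseline(HISTORY)
    today = [
        ("d8", "pos_vendor_svc", "pos-gw-01", 118),    # ordinary day
        ("d8", "pos_vendor_svc", "wks-223", 48000),    # valid login, abnormal use
    ]
    for ev in today:
        print(ev, "->", score(ev, reads, hosts) or "ok")
```

The second event authenticates with valid credentials, so an access-control check alone would pass it; only the comparison with the account's own history flags it.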
There’s no getting around the fact that retailers will continue to face these threats whether it’s the holiday season or not. Instead of dedicating security efforts solely to prevention, building in intrusion detection capability through UBA tools ramps up security posture and gives retailers a better understanding of the threats they face. Improving awareness and the ability to snuff out threats means customer, employee and partner data will be more secure. It also means retailers will be ready to deal with the growing threat landscape and respond to whatever they face.
Guest author Barry Shteiman is director of Exabeam Labs at . He is a seasoned information security expert and cybersecurity technology evangelist. Shteiman previously led worldwide public security research as the director of security at Imperva, where he provided vital support for the CTO office. During his seven years at the company, he also served as a principal security engineer and led Imperva’s expansion in the U.K.