You are here
NATIONAL REPORT — Target Corp., Home Depot Inc., P.F. Chang's China Bistro Inc., eBay Inc., Michaels Stores, SUPERVALU Inc., JPMorgan Chase and Co., and in the convenience channel, MAPCO Express Inc. All these companies have something in common — and it's not a good thing. Each one has suffered from a cyberattack in some form in the past two years.
There were 395 reported breaches in the United States in 2014 as of July 8, a 21-percent increase compared to the same period in 2013, according to the Indentify Theft Resource Center.
Clearly, data breaches are on the rise, culminating in August when a Russian group hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses. According to Hold Security, a company that specializes in data breaches, this hack attack represented the "largest breach known to date."
Breaches are on the rise because in the past, hackers needed to be quite sophisticated to successfully steal data. Today, the barriers to entry are much lower than ever before.
"Not only are there automated hacking tools," said Dwayne Melancon, chief technology officer at Portland, Ore.-based Tripwire Inc., provider of products intended to prevent cyberthreats. "But also it's because retailers have tight budgets and a false sense of security due to PCI (payment card industry) standards. But PCI requires continued vigilance and I'm not sure all retailers continuously monitor their environments for attacks."
Financial gain and the theft of intellectual property are why 85 percent of cyberattacks take place, Verizon's 2014 Data Breach Investigations Report showed. Conversely, hacking incidents done for fun or based on an ideology are near zero, the report concluded.
If a retailer such as Target, one of the largest retailers in the world, could not prevent a data breach, how can smaller convenience store chains do so?
While there is no definitive way to prevent a data breach, experts say there are several ways to ward off cybercriminals, even for c-store retailers that have limited budgets.
At the point-of-sale (POS), hackers often already know of an explicit vulnerability a retailer has and they continue to attack it repeatedly. Retailers that do not have large technology budgets and have yet to implement EMV (Europay, MasterCard and Visa) guidelines still do have hope of thwarting an attack, however, stated Seth Ruden, senior fraud consultant at ACI Worldwide Inc..
"It's important to default passwords, especially for remote access," he said. "If a retailer uses an application that allows them to check POS records from home or allows them to access their computer network from a remote location, it can lead to potential problems."
And it's not only the POS that can be attacked. Retailers must recognize that any network associated with the POS computer can be at risk. "So whenever possible, it's very important to separate the POS network from any other network [retailers] use that is connected to the Internet," Ruden said. "If it's possible to remove the POS computer from the external Internet,that would be very helpful."