External Threat Management

What Happens When Consumers No Longer Trust Retailers to Protect Their Data

The spotlight has been on the retail industry ever since the infamous Target breach over last year's holiday season. While Target has become the poster child for high profile data breaches, several other retail organizations since and prior to that incident have suffered breaches as well.

When it comes to retail breaches, customers are the ones who tend to suffer most. The criminals are targeting their private data, and a new study completed by the National Consumers League (NCL) found that 72% of breach victims were also victims of fraud.

The study also shows that consumers are increasingly losing faith in businesses to protect their identities. They're demanding more government involvement and fraud prevention measures.

"Data insecurity is leading to real consumer harm and this report confirms consumers are at a loss for where to turn in the face of this national problem," said NCL's John Breyault. "As consumers share vast amounts of personal data with businesses, government and other entities, they expect their information to be protected from malicious hackers."

Businesses need to take this study seriously. The report found that 6 in 10 victims whose information was compromised in a retail breach said their level of trust in the retailer declined significantly. In fact, nineteen percent of victims whose data was breached said they'd avoid doing business with those organizations in the future.

So what is happening to address this? According to The PCI Counsel's Bob Russo, not enough. He claims that the retail industry still has a long way to go.

"Compliance does not equal security," said Russo. "Even with the best standards in place, these criminals are persistent in their attacks and businesses basically have to be defensive in their protections."

Russo does point out that great strides have been made in migrating towards chip card systems that conform to Europay, MasterCard and Visa standards. He explains, "Everybody is getting ready for it. We expect to see about 100 million [EMV] cards in the market by the end of year."

Improving POS systems and hardening internal security, however, is a predictable move. As that vector of attack becomes more difficult and expensive to exploit, cyber criminals can simply adjust their focus.

In particular, the area outside the firewall -- defined by RiskIQ to be digital assets such as websites and mobile applications accessible online -- is rife with backdoors, vulnerabilities, potential exploits and malware. Malvertising (ads with embedded malware) is becoming a popular malware distribution method. Research from the Online Trust Alliance (OTA) shows a 200% increase in malvertising incidents in 2013 to 209,000 incidents generating over 12.4 billion malicious advertisements!

They also claim that the majority of these attacks are drive-by-downloads , which occur when visitors interact with a website, no clicking required.

Malvertising and other website-based exploits are proving to be highly effective and inexpensive. Even more troubling detecting them is a difficult task and preventing them is basically impossible.

RiskIQ has developed innovative new technology and a single pain of glass workspace designed to allow operators to efficiently and effectively track threats across their web and mobile space. It allows customers to establish a dynamic inventory of every known and unknown digital asset in order to maintain a system of record.

Custom scanning can be performed at any time interval (by the second, by the minute, hourly, weekly, bi-weekly, monthly, etc.), on any subset of assets in order to get near real time threat intel. The innovative malware detection capabilities and global blacklist (with historical data dating back four years) combine to provide a potent detection framework that is an effective solution for businesses looking to protect customer data being shared and stored outside the firewall.

- Peter Zavlaris, RiskIQ Blogger

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor