For years, retail executives have mined economic trends, demographic profiles, purchasing histories and other Big Data to develop powerful marketing tools for increasing revenue. But following a barrage of high-profile cyber-attacks on Target, Adobe Systems, Home Depot, Ashley Madison and countless other retail companies, CXOs are increasingly shifting their focus, treating Big Data as a source not only of rich financial insight but also of potentially catastrophic risk.
Cyber Security in 2016
Despite a decade or more of effort and spending in the billion-dollar range, the global retail industry remains inadequately protected against data thievery and malicious attacks on the sensitive financial and personally identifiable information on which it depends. Of the 970 financial professionals who responded to a survey at the Association for Finance Professionals conference in 2013, 62% said that their organization has been subject to either an actual or attempted cyber-attack at least once over the past year — and those are just the known attacks. Some attacks aren’t discovered until a year or more later, at which point the damage can be insurmountable. Not only do these attacks decimate a company’s reputation, they also represent a high financial cost: customers’ credit cards must be replaced, for example, and stock prices often take a significant hit.
Historically, retail CIOs have been charged with addressing data vulnerabilities, but CFOs are increasingly playing a crucial role in the important work of security management. According to Deloitte’s third-quarter 2014 CFO Signals™ report, 74% of the 103 CFOs surveyed said cyber-security is a top priority, while only 6% deemed it a lower priority. Retail CFOs, for their part, are responsible for maintaining control over financial reporting, and must understand where information is at all times — and how it is secured — to prevent loss of funds through theft or the cascading effect of a business partner’s security breach. CFOs are also expected, of course, to provide complete disclosure to their corporate board, including disclosure about the possibility of cyber-attack and its potential effect on the financial standing of the company.
Retail is a Target
The most common threat vector associated with the retail industry is theft of credit card information at the application and transactional levels (via online or in-store shopping, for example), but risks also exist at the levels of both service (especially in terms of supply chain) and infrastructure, which is increasingly controlled by cloud computing and distributed servers at multiple stores across multiple states or countries, scattering sensitive customer data far and wide.
With the booming popularity of online shopping and shopping apps, Big Data security at the application level is of paramount importance. Although these websites and apps make shopping simple and convenient, they can also jeopardize customer data when data-sharing protections such as encryption, access-control technologies and digital certificates are not adequately robust or standardized across the board. Moreover, end users are too often tricked through hackers’ social engineering efforts into accessing malware-laden websites, downloading infected files or using weak passwords that can compromise not just their data, but the data of millions of others.
Types of Attacks
Retail transactions have always been a target for thieves, and transactional-level attacks continue to represent perhaps the greatest source of headaches for CXOs in this sector. Complicating matters within the contemporary retail ecosystem is the inclusion of third-party financial institutions. Attacks on targets such as banks and companies like PayPal can adversely affect business when customers no longer feel that using their credit card, debit card or online account is safe. Security must also be ensured at point-of-sale terminals such as cash registers, barcode scanners and credit-card swipe machines equipped with PIN pads, which are too often the target of PIN thefts.
Service-level attacks, while not as common as those at the transactional level, still represent a significant threat to Big Data security for retail. IBM Security Intelligence reports that attacks by those with intimate knowledge of retail companies account for only 3 percent of data security breaches, but the fallout can be monumental. Moreover, when a culture of security is not established within a company, a service-level breach at one checkpoint within a company can lead to a domino effect. Supply-chain data breaches also represent a growing threat within the retail sector, especially with continued reliance on outsourcing and manufacturing in the developing world, where security protocols might not be as robust.
At the infrastructure level, retail companies have seen a surge of distributed denial-of-service (DDoS) attacks, in which multiple servers send simultaneous requests to the target’s Web servers with the intent of making them crash. When a retail website crashes, its customers go elsewhere. Even worse, attackers often use DDoS attacks to distract a company while they simultaneously steal customer data. Compounding the problem is a sector-wide dependence on legacy or unpatched technologies. Insecure system configurations can also facilitate or exacerbate these attacks, and companies must also increasingly consider the safety of IoT-based devices such as printers and security cameras. Even wireless access or the in-store voice or IP network can pose a security hazard when malicious hackers can gain access.
Yet for all the security risks attributed to Big Data, retail companies’ confidential data files — such as internal emails and audio recordings of telephone conversations — also provide a means to manage that risk. One example that can provide Big Data security at the service level is a technology called “natural language processing,” which mines millions of documents — such as transcripts of phone calls — to reveal the word order and tone of telemarketers as they attempt to sell a particular product. This insight could help a bank’s risk managers, for example, avoid unwanted attention from regulators by either firing or retraining call-center workers who are engaging in predatory lending practices.
Your Big Data Security Solution
RoundWorld Solutions’ Big Data 360-degree Tool can assist CXOs as they take effective measures to both prevent and mitigate cyber attacks by criminal organizations, hacktivists and espionage units worldwide. Our custom, template-driven checklist can determine the level of risk at every level of security management, provide a window into how targeted information might be used by cyber criminals in an ever-changing threat environment and help companies act swiftly to determine the nature of an attack and reduce damage should an attack occur.
RoundWorld Solutions’ Big Data tool can help retail companies perform data-flow analysis to trace the location of data at different times during a business process. The method can, for example, prove especially useful in detecting attacks on retail point-of-sale devices that copy debit or credit card data to an internal server. We can also show you how to use Big Data to your company’s advantage by mining it for insights that will help ensure the security of sensitive information — and company operations — going forward.
The cost of a cyber-attack, whether financial or reputational, can be astounding.
As cyber-attackers become more organized and their attacks more sophisticated, industry executives must take action to shore up security protections and protect their company’s brand reputation, trust dynamic and financial bottom line. Finance chiefs understand that spending a small amount up front can not only save the organization a great deal in the event a breach occurs, but — when Big Data is managed wisely and securely — can provide a significant return on investment in peace of mind.
Our Big Data 360 tool provides CXOs with a unified, top-down view of programs and initiatives that pertain to data security at every level, from applications to services to transactions and infrastructure.
Our expertise in building robust security practices translates to real, practical solutions for each area within your security scaffolding, from customizing our template-driven checklist to ensure that documents being shared between hospitals are protected from security breaches to preventing the kind of breaches at a service level that can hurt both a company’s share prices and its reputation.
Most importantly, RoundWorld can equip your business with systems and approaches that maintain security at both the transactional and infrastructure levels without jeopardizing clinical operations or patient health.
This article was provided by:
Tiffany Fox
Public Information Officer
RoundWorld Solutions