Canadian Retailer - Summer 2012 - (Page 46)

LOSS PREVENTION

HACK ATTACKS

Vulnerable retail systems a favourite target of hackers

BY ROBERT PRICE

A famously inarticulate metaphor compared the Internet to a series of tubes. Comparing the Internet to a series of doors might be a better metaphor. Every door opens onto another door and there’s no lock that hackers can’t pick open, given enough time.

The good news for hackers is that they don’t need to pick many computer locks. For every secure retail computer system, there’s a retail business with a compromised network. That’s like leaving cash in the till and the door wide open.

DATA INSECURITY

A recent report commissioned by Verizon studied data insecurity in the U.S. and found that hacking is widespread, nearly invisible to victims and largely “avoidable.” The researchers found that 96 per cent of breaches were “not highly difficult” while 85 per cent of breaches took “weeks or more” to discover. Most attacks were launched by outside agents, with 58 per cent of theft tied to activist groups. But what might disturb retailers most is the fact that 96 per cent of victims who were supposed to be PCI DSS compliant were not.

There is little reason to believe that Canadian businesses are any better off than U.S. businesses. Yuk Fai Chan, a security consultant at Security Compass, says Canadian small businesses might be a favourite target for hackers because there is so little understanding about the depth and threat posed by hacking.

“We always hear about the large corporations being hacked because it’s high profile and involves a lot of compromised credit cards. In terms of small retailers, it might happen every day but things are not reported as well as large breaches at large corporations. When you add it up, small businesses could still be a large proportion of what is being attacked by criminals.”

The bad news for Robert Beggs, CEO of Digital Defence, a computer security company, is that there is no single stat that explains the scope of the threat to small businesses. “Worse than that,” he says, “40 per cent of the time when we go into a company to test the security, we find someone else has broken into the network already and they didn’t know about it.”

LAX SECURITY

The overriding problem for small businesspeople is that many don’t see themselves as targets because their revenues are so small compared to major retailers. They see themselves as small fish, and who wants to troll for guppies when there are big fish to catch?

This reasoning is dangerous, says Beggs, because hackers are after data—not bank balances. For retail businesses, which collect information about customers and process payments, data is rich.

“Hackers want particular data types and they can’t get it from a major bank. But if the bank gives it to a two-person company they become a target,” says Beggs.

Hackers also target small businesses because independent retailers have systems that are easy to compromise. Some businesses make it easy by making elementary mistakes, like not changing the default passwords on their log-ins. To find these vulnerabilities, all hackers have to do is scan the Internet and they’ll find these access points.

“If you think of this from a hacker’s perspective, you can either spend years trying to penetrate a really secure system, or you could go for volume and target thousands of retailers and have small incremental gain,” says Sahba Kazerooni, Director of Professional Services at Security Compass.

OUTRUNNING THE BEAR

Beggs says retailers wanting to revamp their security need to remember the story of the two men running from a bear. “I don’t need to outrun the bear,” the one says to the other, “I just need to outrun you.”

“Most retail enterprises have to be just better than their competitors or someone else, and the hackers will go to someone else,” says Beggs.

At a minimum, independent retailers need to make sure their computer systems have current software and that they install new updates
