Developments in the cyber attacks and data breaches in the U.S. retail industry

If there was any doubt that cybercriminals are going especially after easy money, the attack on the “Target” retailer is the best proof of it.

In the retail industry in the U.S. people are used to pay with credit cards and this is the perfect place to attack.

Nobody thought until now that if one pays for groceries, clothes or other utilities, you put all your economies in danger.

Retail is much easier to attack also because those behind the cashier station are not trained to detect and prevent cyberattacks in form of malware or devices that hardcopy the credentials with a device attached to the POS machine.

They might be instructed to press an alarm button if someone points a gun at them, but not if someone starts a cyberattack to steal financial data of credit cards.

 

Unfortunately, the retail industry has still a long way to go until they can protect their customers against this category of fraud.

Another issue to consider is the fact that exactly the employees of retail companies might install the malware or the hardcopy device in order to make some extra money, because they are usually not so well paid.

 

In the end, the retail companies have to invest in 3 directions if they want to prevent in the future such attacks:

–          Educated employees to prevent and detect such attacks

  • This is time consuming and very expensive because it has to be done continuously since the threat landscape evolves very fast.
  • It is, however, the only secure way to prevent these attacks on the long term

–          Invest in infrastructure in order to not easily allow anyone to start such an operation.

  • Special computers with restricted access, secure POS devices that are tempering attacks, restricted access to the devices

–          Invest in security software that prevents common and targeted malware (or devices) to take over the control of the computer connected to the POS

  • Assuming that all the PCs that are used to process payments are x86 and running Windows, there is a very good chance that a standard security solution can provide a good level of protection against malware.

These actions require time and resources and that’s why I am not sure if the companies are now ready to do this investment just because only one company got hit (ok, got hit very bad).

The biggest problem the IT Security industry has is the fact that the companies continue to think, despite all cases presented in media,: “This is not going to happen exactly to us”.

And when they start thinking about, it is usually too late and they need to start with damage control.


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close