Why Preventing Retail Breaches Requires a Team Effort

2014 is very much shaping up as the Year of the Retail Breach - nary a week goes by in which we don't hear of a new merchant that has been hit - but that shouldn't come as a surprise to anyone. Consider this: If Bonnie and Clyde were around today, they'd find hacking merchants to be easier and more lucrative than knocking over banks.

Indeed, retailers worldwide are awash in credit card numbers, which they accept via in-store purchases and on e-commerce websites. Despite growing awareness of the problem and prescriptive requirements promulgated through the Payment Card Industry Data Security Standard (PCI DSS), attackers continue to skillfully fine-tune their techniques to pull off massive data heists. As the 2014 Trustwave Global Security Report discovered, retail was the top industry breached last year - making up 35 percent of the attacks we investigated. Meanwhile, e-commerce comprised 54 percent of assets targeted in all of the data-loss incidents we examined.

According to recent analyst research, it also appears that retailers are not allotting enough money to deal with the problem. And others, it seems, are failing to recognize the risks at all.

A common misperception held by some is that this rampant run of merchant breaches can only be halted through the widespread introduction of fraud prevention mechanisms, such as chip-and-PIN. But that's not the case. These methods may reduce the likelihood of an attacker being able to use stolen information, but they will not prevent an attack.

Rest assured, however, that there are steps retailers can take to make themselves a less attractive target and push back the saboteurs. But to achieve this, a team effort from across the organization is required.

Here are three groups that must be involved:

IT managers/CISOs:

Malware must remain a top-of-mind concern for retail IT departments. We've told you about sneaky point-of-sale malware families such as Backoff, which comes equipped with advanced RAM scraping capabilities and can enter through third parties to cause devastating breaches. Organizations that simply lack the time, budget and resources to handle the situation themselves should consider offloading the responsibility to a managed security services provider.

Application/database managers:

Vulnerable applications, such as payment or e-commerce apps, are a common vector through which attackers establish an initial foothold in a retailer environment. The databases that support those applications must also be protected because they often contain the prized assets that hackers are after. Services such as vulnerability scanning and penetration testing, combined with web application firewalls, are critical.

Senior executives/CEOs:

Arguably the most well-known compliance mandate in existence is the PCI DSS. Merchants will need to validate compliance with version 3.0 beginning Jan. 1, and there are some big changes afoot, including new pen testing requirements and additional burdens on e-commerce merchants that redirect payments to third parties. Failing to comply with the guidelines is a board-level issue because it can result in big fines, reputation damage, lost customers and potentially the stripping of the ability to process credit cards. Compliance with PCI DSS can never guarantee security, but it goes a long way toward establishing a security baseline and reducing risk.

Dan Kaplan is manager of online content at Trustwave.
