Retail and E-Commerce: Easy Targets for Hackers
Brick-and-mortar retailers and e-commerce companies are frequent targets for cyber criminals. In fact, the retail industry suffered almost half of all confirmed data breach incidents in 2016. This may be due in part to attackers’ success rates: according to the 2016 Verizon Data Breach Investigations Report, 99 percent of the time hackers were able to break into point-of-sale systems in only a few hours.
Meet PCI DSS, Protect Your Customer Data
Delta Risk can help you develop, implement, and manage an information security program that meets the Payment Card Industry Data Security Standard (PCI DSS) and also addresses broader cyber risks.
Our team of certified security professionals has extensive knowledge of the unique threats facing retail and e-commerce businesses. We offer a full complement of services to help you address your information security program, manage your technical security needs, and overcome the effects of a breach (if necessary).
Beyond managing the direct threat to your data, systems, and networks, you must address multiple compliance and liability risks. Meeting PCI DSS compliance requirements is not a simple task. And even when those requirements are met, there’s no guarantee your company will be immune to cyber-attacks. To be truly secure, you need a comprehensive cyber security program developed with the benefit of expert, third-party assistance.
We can not only help you develop a comprehensive cyber security program to protect your customers’ data, we can review its effectiveness to meet PCI DSS requirements.
Test the Effectiveness of Your Cyber Security Program
ActiveInsight: PCI DSS Security Program Assessments
Our assessments review your current program’s strengths and any perceived weaknesses. We will deliver comprehensive analysis, including a detailed action plan, to resolve weaknesses and tackle your most crucial needs. A sample of our assessment services is provided below:
- Cyber Security Program Assessment
- Risk Analysis
- Security Program Maturity Review
- Defense Assessment
- Third-party vendor review
We tailor our assessments to evaluate your information security program against PCI DSS criteria or the best practices of the ISO/IEC standards. Based on our findings, we can advise your organization on the best methods of balancing compliance and risk management against resource constraints.
Our analysts will also test your cyber security program with red-team and table-top exercises meant to replicate real-world incidents. We customize these exercises to the specific requirements of PCI DSS and the relevant threats to retail businesses like yours.
These tests can include such exercises as:
- Internal and External Penetration Testing
- C-Suite Table-top Exercises
- Functional Level Incident Response Table-top Exercises
Take Advantage of Tailored Services to Meet Your Security
ActiveEye: Retail and E-Commerce Managed Security Services
Delta Risk’s managed security services allow your business to expand your current security measures or replace them altogether as needed. We custom-tailor our services to meet the requirements of PCI DSS as well as any of your additional, unique needs. Learn more about PCI DSS requirements and how various ActiveEye services meet those requirements.
Find Undiscovered Network Threats Faster
ActiveResponse: Breach Response Services
If a breach has occurred, or you suspect one is in progress, Delta Risk can help. We provide a variety of services through hunt, coach, and response capabilities to help companies like yours respond effectively to a breach event. Some of our response services include:
- Business Impact Analysis
- Disaster Recovery Planning
- Incident Response Planning
- Digital Forensics Services
Related White Papers
There is a diversity of compliance requirements and threats facing financial institutions. For more detailed information on each of the areas discussed, please see our additional resources below:
White Paper: Top 10 Cyber Incident Pain Points: Are You Prepared?
White Paper: Cyber Security and the Board of Directors
Cyber Threats to Retail – the New Norm?
Many people became aware of the threat of hackers targeting customer data during the TJ Maxx data breach in 2005. Since then, the attacks have only increased. While large-scale breaches like those that affected Target (2013) and Home Depot (2014) tend to make headlines, the reality is that small and mid-size businesses are just as vulnerable, if not more so. Why is this so?
Hackers could be targeting your systems for a variety of reasons. A prevailing goal is to collect customer information and use it to make fraudulent purchases, create false identities, or sell the data to others — there is a large and thriving black market for cardholder data.
These actors could also be targeting your system for other reasons. Instead of cardholder information, they may be looking for information on your employees. The information your human resources department holds on employees could be just as valuable to hackers as payment information. They could similarly be searching for your company’s financial information, or they could be seeking access to your network to disrupt business operations.
Regardless of the hackers’ goals or motives, a breach can be very costly for your company. If breached, your company would initially suffer the direct costs of dealing with the aftermath of a breach. These may include digital forensic costs, public relations costs, and the costs of paying for credit monitoring of customers affected by the breach.
Once contained, a breach or other security crisis can continue to cause harm to your company for months or years to come. It will require your business to implement stronger security measures and possibly to purchase or increase cyber insurance coverage. A data breach may also result in several different compliance and regulatory liability costs for your company. Ultimately, the biggest cost may be the damage to your brand and reputation.
Compliance and Legal Liability Issues in Retail
The major global payment card brands developed a set of regulations to protect cardholder data known as PCI DSS. It applies to all entities that process, store, or transmit payment card information. The standard comprises many requirements grouped under six control areas or goals:
- Build and Maintain a Secure Network
- Protect Stored Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Achieving PCI DSS compliance is a complex and continuous process. Falling out of compliance could mean liability for a breach event or losing the privilege of processing credit cards altogether. Learn more about the specific requirements of PCI DSS and how your organization can ensure compliance.
Besides PCI DSS compliance, another concern for retailers is legal liability. The Federal Trade Commission (FTC) is the major federal regulator in this field. It has the authority to prosecute businesses that operate in a way that is unfair or deceptive. If your privacy statement makes claims regarding the level of security you provide for your customers’ information, and you suffer a breach, the FTC may initiate a claim against you for unfair or deceptive business practices.
Furthermore, the customers affected by the breach could file a claim against the company. In addition, the members of your board of directors could be held personally liable for damage done to the company in a shareholder derivative claim.
Cyber threats do not stop with technical vulnerabilities. Retailers and e-commerce businesses must confront an array of compliance and liability risks as well. Delta Risk can help manage these risks.