ASK THE EXPERTS


WILL RETAIL EVER BE SAFE FROM ONLINE THREATS?


Forrester analysts George Lawrie and Andrew Rose discuss the rise in online security breaches and the techniques retailers can adopt to prevent and proactively manage such situations





“Online retail has changed the game and across the world, it’s clear that UK firms have been leading the way,” said Lawrie, who is vice president and principal analyst serving application development and delivery professionals at analyst firm Forrester.

Lawrie and his colleague Andrew Rose, principal analyst serving security and risk professionals, both feel customers are seeking more tailored retail experiences through smartphones and tablets. Lawrie predicted this will make up 17.6% of UK online retail sales in 2014. “This personalised service requires deep customer insight, driving retailers to retain, track, and analyse customer information in order to predict behaviour and deliver compelling sales offers,” he explained. “Such customer data, in the form of credit card details, transactions, name and home address, is irresistible to cyber criminals on the prowl for a quick killing.”

He notes that UK cyber fraud increased in 2013 by nearly 7%, to an estimated £280 million. “Forget the notions of a lone hacker operating from their bedroom. Those days are long gone; modern cyber criminals are groups of skilled individuals who operate a value chain rather similar to that of their retail victims.

“They specialise in their selected competence, buying in third party skills, tools, and support, as needed to execute their ‘mission’. They may, for example, purchase knowledge of vulnerabilities for target organisations, rent access to custom written malware to break into systems, pay for email services to spread the malware, utilise cloud services to break passwords, and then sell stolen data on to other operators.”

He noted that this specialised, distributed model means that cyber crime is a low-risk and high-reward profession; criminal intrusions are rarely discovered, it is difficult to identify the perpetrator and taking legal action is often prohibitive as the criminals are based overseas.

“Despite knowing about the threat, retailers seem powerless to resist online attacks, with news stories of breaches breaking regularly,” he continues. “Target is the landmark, losing 40 million customer records to malware that captured transactions at the point of sale, but there are numerous others including Neiman Marcus and Michaels Stores.”

He says many of his retail clients despair of success in resisting cyber fraud, especially when they see various European Union (EU) member governments and even security firms succumb to attack. “But retailers must continue to build cyber defences, because attacks will intensify and undermine customers’ trust in their retail brands,” he urged, noting that planned revisions to EU Data Protection law also threaten significant fines for security breaches.

“Implementing basic best practice controls can stop up to 80% of common cyber attacks, allowing firms to focus on managing the controls and impact around the remaining 20%,” Lawrie said. “Seek out the UK government ‘10 steps’ recommendations, which according to research, 74% of companies still have not implemented.

“In the Neiman Marcus breach, hackers stole 350,000 credit cards and customer identities over a period of 3 months. In that time, the attackers triggered 60,000 alerts, all of which were ignored!”

He commented that similarly, Target’s system alerted the firm three days before the customer data was stolen. “Security systems do create numerous alerts and false positives, but it is essential that retailers have sufficient resource to review and react to them all in a timely manner.”

He recommended techniques such as setting up a new alarmed server with a tempting name as a redundant ‘honey-pot’ server and monitoring connections, and advised retailers to ensure they have a well-defined plan for responding to a breach to protect customer trust.

“Firms can retain or even enhance that trust when they are breached, but they will impair trust in their brands if they are hapless, secretive or unethical in their response,” he concluded.

14 Autumn 2014


www.retailtechnology.co.uk

