During the holidays, most people are thinking about family, food and, of course, shopping for presents. But for retailers, the holiday season is all about data security and protecting themselves against the influx of attacks from malicious actors. A recent study by BitSight Technologies, a platform that rates the effectiveness of enterprises’ security, looked at the risk of data breach facing 300 of the biggest retailers. The report found that more than half of the companies analyzed are less secure today than they were in 2013, mostly because cybercriminals have been able to breach retailers’ firewalls and steal information quicker than ever before.
According to a recent CNBC report, the average American will spend $765 during this holiday season. That’s more than shoppers have spent in the last five years and an increase of 12 percent more on average from 2013. With a greater amount of money flowing from bank accounts and credit cards relaxing their fraud restrictions between Black Friday and Christmas day – as is usually done during the holiday shopping season to speed transaction times during the rush – there is an even greater risk of cybercrime this year than in those previous.
“It’s the perfect time to get boatloads of credit cards in one shot,” said cybersecurity expert John Kipp. “The holiday season is a wonderful time for criminals.”
Not only are U.S. shoppers spending more money in 2014, they are also especially worried about the safety of their financial information. A Gallup poll released recently found that nearly 70 percent of Americans frequently or occasionally worry about having their personal data stolen. At a time when consumers are most concerned about how their information is being protected, retailers are struggling more than before with implementing sufficient defense practices.
Lack of knowledge means lax protection
The now infamous breach of Target’s networks and point-of-sale systems took place during the holiday shopping season last year, and now the retailer is synonymous with poor cybersecurity. Tens of millions of credit card numbers were exposed in that hack, and attackers have only gotten more sophisticated in the meantime.
Part of the problem is that most retailers don’t have cybesecurity expertise in their C-suites and don’t consider data protection a core competency, although it is becoming a bigger part of the industry every day. With little inside knowledge on security best practices, organizations are one step behind the hackers and are scrambling to plug holes in their defense systems before the leak gets too big.
“Compared to two years ago, I would say that not much has changed except the urgency by the criminals,” said cybersecurity researcher Martin Ferenczi.
One of the most reliable ways retailers can increase the protection of customer information is to implement a layered security strategy. Layered security, or having multiple defense practices in place simultaneously, is especially beneficial for retailers because it protects at every possible entry point. Solutions like Faronics Anti-Virus offer traditional firewall protection, as well as Anti-Spyware, Anti-Rootkit, Anti-Virus and Web filtering.