It was late last November that Target was hacked and 110 million customers had their card data or personal information stolen in one of the largest data breaches ever recorded. One year on and Target is still recovering. Profits for the first six months of the fiscal year were down 41%, and costs associated with the incident were estimated to have reached $148 million by the second quarter.
A CreditCards.com report out last Monday surveyed credit and debit card holders, and found that 45% of shoppers ‘would definitely or probably not shop at a retailer that’s suffered a breach’. 16% said they definitely would not return to a retailer if the store had been hacked and 29% said they probably would not shop at such stores.
With Thanksgiving, Black Friday, Cyber Monday, Christmas and the January sales all on the horizon, retailers around the world will be looking at ways to maximize sales, get people through their doors and set their tills ringing.
But if revenue is that important, does it mean that everything – including customers’ personal data – gets second priority?
Last year, Target was made aware that malicious activity had appeared on their systems on November 30. After an initial evaluation by the Target security team, they determined that ‘it did not warrant immediate follow-up’.
The hackers then worked at ‘unprecedented speed’ for 19 days to gather millions of customers’ card data and personal information before they were finally stopped.
The data breach was confirmed by Target in an official press release on December 19, 2013.
Being hacked at any time isn’t good news, but when it happens at the most important time of year for retailers, a data breach can really take away the festive cheer.
Richard Turner, Vice President of Firefly – a leading security specialist – commented:
“Advanced attacks are the new reality for business and government. By preparing an effective defensive strategy, organizations can avoid the risk of sitting on the sidelines as their data and intellectual property find their way to competitors, adversaries or hacktivists.”
So what does an effective defense strategy look like?
Well, we’d make three suggestions:
First, conduct a penetration test right away to assess the current level of security on your networks and systems. Penetration testing is relatively inexpensive and provides a fast and efficient way of identifying any weaknesses in your security.
Second, take action based on what your penetration test finds. Don’t just ignore the vulnerabilities it finds because you’ve got sales targets to focus on. From now until the new year, hackers will be at their most active, and it should be the time when your business is most active in securing your systems too.
Third, look at implementing an information security management system (ISMS). An ISMS is a structured way of continually managing data and ensuring that your cybersecurity stands up to the latest threats. ISO 27001 is the globally accepted standard for an ISMS.
Avoid being the next Target by testing your systems and acting upon those findings before hackers get there first.
IT Governance provides fixed-price CREST-accredited testing services that can be deployed by any organization looking for better protection.
Book the Combined Infrastructure and Web Application Penetration Test – Level 1 and we will carry out an email phishing campaign to test your staff awareness free of charge.
This combined penetration test will identify potential vulnerabilities in your external infrastructure and web applications and provide recommendations on how to improve your network security, enabling you to comply with client requests and facilitate compliance with ISO 27001.