It’s hard to believe that almost a year has passed since Target announced that its credit card payment system was breached. Considering the hit to Target’s reputation, you would think that retail outlets would have been stepping up the security game. However, as we’ve seen throughout the year, retailers are still being hacked on a fairly regular basis. As we approach another Black Friday and Cyber Monday, what does the security landscape look like for consumers and businesses?
Not good, actually. In a blog post, Zscaler reported a large spike in phishing and other online scams meant to lure unsuspecting customers to bogus websites, and despite being more educated than ever about how to spot a phishing scam, consumers are still falling for them. An NPR article highlighted how easy it is for a criminal to hack credit card readers in stores.
You’d think that these concerns would have more people using cash and shopping in person, but we know that isn’t happening. As consumers, we’re dependent on plastic currency and the comfort of shopping from the living room sofa. And as consumers, too many of us practice bad habits – using debit cards rather than more secure credit card options or using unsecured Wi-Fi or not verifying the security of websites when making online purchases. Then when something bad happens, it is the reputation of the business that takes the hit, justified or not.
So this Black Friday and Cyber Monday season, businesses will want to step up their security game. This means making sure all software and operating systems are patched and updated. Are digital transmissions encrypted? How secure are the vendors and consultants who have access to your network – remember, Target’s breach was caused by a third-party vendor. Also, are you prepared for a DDoS attack? Information Security Buzz stated:
DDoS attackers no longer stop at causing site outages. Increasingly, cybercriminals are now using DDoS attacks for “smokescreening,” distracting IT staff while inserting malware to breach bank accounts and customer data. In 2013, over 50 percent of companies hit by DDoS attacks suffered theft of funds, customer data or intellectual property.
Of course, mentioning these things the week of Thanksgiving doesn’t exactly give anyone time to prepare. I hope that retailers, especially small and midsize retailers, took Target and the other breaches to heart and have their security plan in order as the holiday season approaches.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba