
PCI inertia maintains high cyber risk for retailers

New Net Technologies : 30 July, 2014  (Technical Article)
Not enough retailers are taking cyber security seriously despite the proven vulnerability of the sector and concern from within the retail industry

Willis Group’s recent analysis of cyber risk disclosures from Fortune 1000 retailers draws on data from the recent Verizon report of breaches, which showed that the retail sector features most heavily in terms of financial losses in Verizon’s ‘Large Breach Category’. The retail sector is also shown to have the highest percentage of losses that are of a financial nature.

Conclusion? The retail sector is proven to be a successful hunting ground for hackers.

The climate of fear among retailers is palpable. When Willis compared different industry sectors’ attitudes to cyber risk, they found that Retail was the most openly concerned about cyber security. In fact, 57% of Retailers questioned reported that their cyber risk was ‘significant, serious, material or critical’, while the cross-industry norm is more like 43%.

So the threat to business is well understood and acknowledged by most retailers. The Target breach was so huge and widely reported (40 million card numbers stolen, 70 million customers affected by personal information loss) that it has generated the kind of worldwide publicity that can’t be ignored. This appears to be galvanising retailers into action over cyber security measures; however, not all are addressing the issue with the gravity it demands.

Within the Retail Industry there is a ready-made security standard in the shape of the PCI DSS, which describes in detail twelve key requirements for security best practices to be implemented and operated. Unfortunately, many see it as being over-complex, inflexible, expensive, and complicated. This is to ignore its comprehensiveness, which provides protection from the wide range and depth of threats and attack methods, from the simple but effective card-skimming scams through to the advanced persistent threat-style malware attacks seen at Target.

Ironically, Target has been used by some as evidence that the PCI DSS doesn’t work; after all, Target was breached. On the contrary: subsequent reports suggest that some of the incident handling procedures at Target failed. In other words, poorly implemented and operated PCI measures not only fail to provide protection but also provide a false sense of security that leaves the business as exposed as if it had taken no precautions at all.

Unfortunately, there is a sizeable ‘PCI-Inertia’ to overcome for any retailer, but the learnings of recent breaches within the retail sector point to the inevitable conclusion that PCI DSS must be given the importance it demands. The bottom line is that failure to embrace PCI DSS comprehensively will leave the business exposed to breaches and financial losses.
