Report • 23.05.2016

Hackers in search of data treasures

IT security needs to become a top priority for the retail industry

Retail networks include a variety of areas and devices.
Source: Bildagentur PantherMedia / everythingposs

Holding up a supermarket or a gas station can pay off for criminals. Retailers are a worthwhile target, especially at night when the day’s takings are still at the store. But the potential yield for cyber criminals is far greater. While retailers have had decades to prevent shoplifting in their stores, IT security was not a real issue in the sector for a long time.

This still applies to most retailers today: stores are extensively equipped with video surveillance and electronic tags, but when it comes to “data security”, retailers just shake their heads. In the EHI study “IT Trends in Retail 2015”, only nine percent of participating retailers mentioned the subject of IT security when asked about the latest technology trends.

Even though at least 26 percent of interviewed companies have a designated department to handle IT security management, it is still often possible for somewhat experienced hackers to steal thousands or millions of credit card and customer records without any major effort and make large profits by selling them. They get into the retailer’s network using various methods such as viruses, spyware or phishing (a method to acquire personal information of a user by setting up fake websites or emails) and are then able to steal sensitive data.

Major retail chains are primary targets 

By nature, the networks of major retailers are especially complex and include various components such as internal network management, geographical markets, stores, POS systems, sales assistants, suppliers, customers and mobile devices. The larger the retailer, the more customers it has. The data trove that criminals can break into is consequently also huge at multinational corporations. Last year, the Dell computer company published a list of the most serious attacks to date on major retail chains (though only those cases affecting the U.S.).

A quarter of retailers have a dedicated department for IT security management.
Source: EHI Retail Institute

The theft of 40 million credit and debit card numbers and other personal data of 70 million customers of U.S. discount retailer Target, for example, made headlines beyond the borders of the United States. It is still the largest case of data theft in U.S. retail. Home Depot (56 million stolen credit card numbers and 53 million exposed email addresses) as well as Michaels (three million stolen credit and debit card numbers) are also among the most prominent victims.

Cyberattacks are on the rise – digitization is also to blame

In a recent survey by Capgemini Consulting, 44 percent of all companies in the “consumer goods & retail” industry said they had been the victim of a cyberattack at least once. The advancing digitization in stores in particular, with new services like free Wi-Fi for customers or digital in-store services such as QR codes and navigation apps, creates new risks. If they are insufficiently secured, these services can also become entry points for cyber criminals.
To get to know their customers better, retailers store far more personal data than they used to, ranging from customer purchase history to detailed profiles primarily generated through loyalty programs. And needless to say, the increasing amount of data also increases the incentive to steal it.

Serious repercussions for retail companies

Many retailers are actually oblivious to the consequences of data theft on a grand scale, which is why they also underestimate the required investment or even forgo security solutions completely. Cyber criminals obviously don’t steal any tangible assets such as cash. However, they potentially wreak even more havoc through data theft. After all, when serious cases of data breaches become public, retailers need to invest significantly in communications with their customers.

In the months immediately following the theft of customer information, Target, for example, invested a whopping 61 million U.S. dollars in customer communication to put its concerned customers at ease. Added to this are potential payments resulting from the retailer’s promise to its customers to pay any fraudulent charges that can be directly traced back to the data breach. All of this resulted in Target’s profit falling 46 percent during the subsequent Christmas season. Other retailers, Staples for instance, even offered to bear the costs of identity theft protection for their potentially vulnerable customers, for example credit monitoring services or free credit reports.

Data theft has major repercussions, especially for retailers.
Source: Bildagentur PantherMedia / ventanamedia

Added to this is the fact that digital theft is harder to quantify and measure than, for example, the loss of cash. What’s more, hackers might have stolen or copied more data than it first appears. At the same time, there is always a risk that previously undetected malware has remained in the network and might lead to further losses at a later point in time.

Centralized threat assessment – segmentation of network resources

In the case of a typical data leak in retail, data collected at the POS is shifted to other parts of the network where it actually does not belong. In a white paper on network security in retail, Dell recommends a zone-based security concept. When retailers split network interfaces such as customer computers, inventory servers and back office databases within the network into separate zones, it is easier to ensure that only authorized users have access to the respective zones. In this case it would mean that data from the POS is only forwarded to payment processing, but data transmission to other areas of the network would effectively be impossible. 

This is certainly an effective method to quickly detect unauthorized data transfer, or ideally to prevent it entirely. However, consolidating data is just as important. When information about various network threats is consolidated in the cloud, the available computing power is simply higher, which in turn results in shorter response times and enables a more effective defense against security threats. 

The key to effectively protecting a retail network, on the one hand, lies in segmentation to quickly identify unauthorized data transfers. On the other hand, information on network threats needs to be synchronized in the entire company, so that you can take action against the attack on a broad scale.
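The zone concept described above can be checked against network flow records. The following is an added example, not part of the original article or of Dell's white paper: the zone names, address ranges, ports and flow records are constructed assumptions, and traffic inside a single zone is not evaluated.

```python
import ipaddress

# Assumed zone layout (constructed address ranges, not from the article).
ZONES = {
    "pos": "10.10.0.0/24",
    "payment": "10.20.0.0/24",
    "inventory": "10.30.0.0/24",
    "backoffice": "10.40.0.0/24",
    "guest_wifi": "10.50.0.0/24",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in ZONES.items()}

# Default deny between zones: only these (source, destination, port) tuples pass.
# POS data may only be forwarded to payment processing.
ALLOWED = {
    ("pos", "payment", 443),
    ("backoffice", "inventory", 5432),
}

def zone_of(ip):
    """Map an IP address to its zone; anything unknown counts as external."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "external"

def audit_flows(flows):
    """Return every cross-zone flow that has no matching allow rule."""
    violations = []
    for src, dst, port, nbytes in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone or (src_zone, dst_zone, port) in ALLOWED:
            continue
        violations.append({"src_zone": src_zone, "dst_zone": dst_zone,
                           "src": src, "dst": dst, "port": port, "bytes": nbytes})
    return violations

# Constructed flow records: (source IP, destination IP, destination port, bytes)
SAMPLE_FLOWS = [
    ("10.10.0.21", "10.20.0.5", 443, 18_400),        # POS -> payment: allowed
    ("10.10.0.21", "10.40.0.9", 445, 73_000_000),    # POS -> back office: flagged
    ("10.50.0.77", "10.10.0.21", 3389, 2_100),       # guest Wi-Fi -> POS: flagged
    ("10.40.0.9", "10.30.0.3", 5432, 96_000),        # back office -> inventory: allowed
    ("10.10.0.22", "203.0.113.50", 443, 5_200_000),  # POS -> outside: flagged
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print(f'{v["src_zone"]} -> {v["dst_zone"]} port {v["port"]}: {v["bytes"]} bytes')
```
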

Author: Daniel Stöter, iXtenso.com
