Reports of hacking have dominated the news on a near-daily basis of late. These headlines are unlikely to go away anytime soon, particularly for prime, newsworthy targets like finance and retail companies. Ransomware, malicious software that holds valuable data hostage until a user or company pays up, is a growing threat that can affect any industry. But for obvious reasons—lots of lucrative data to be stolen, such as credit card and bank account information—the finance and retail industries remain particularly vulnerable to both attacks and the ensuing negative publicity.
Target Wasn’t the Only Target
By now, it’s likely that everyone has heard of the big Target hack that occurred a few years ago. Sensitive information was stolen from more than 40 million of Target’s customer accounts, including credit/debit card numbers, expiration dates, and CVVs—that little 3- or 4-digit number you need to use your card online or over the phone. The hack attack was front-page news for several days, and left Target with a big black eye during the busiest shopping time of the year.
While the attack generated a firestorm of negative publicity for the company, many recent data breaches in retail and finance dwarf the Target attack in scope. A listing of just a few of those attacks reads like a “Who’s Who” of the financial and retail industries:
- Walmart: Millions of customer accounts compromised in 2015 (through a third-party company)
- JPMorgan: More than 80 million customer accounts breached in 2014
- Home Depot: Credit and debit card information and email addresses of more than 50 million customers stolen in 2014
- Citigroup: More than 360,000 customer accounts compromised in 2011
- Neiman Marcus: More than one million customer credit and debit cards hacked
And an ongoing, organized series of global attacks against the finance industry has netted hackers as much as $1 billion in funds stolen from banks around the world. How can you make sure your company learns from these experiences, and doesn’t wind up a victim of a cyberattack? Every year there will be new buzzwords and evolving threats, but sticking to the basics will help reduce your exposure and make your company less attractive to attackers.
5 Tips to Increase Your Cyber Resiliency
Cybercriminals are a new breed of bad guy. Some are masterminds who display a degree of technological savvy and sophistication that, quite often, badly outclasses their targets’ cyber-defenses. Often, however, cybercriminals prey on laziness and poor system management.
Many organizations, for example, still depend upon a simple username-and-password login as their primary form of defense. But even at best, this is a flimsy shield against hacking techniques such as phishing, which captures the password outright. And many passwords do little more than slightly slow down a hacker’s grab for data.
Consider this: According to Computerworld, the world’s most-used password is ‘123456.’ Millions of similarly weak passwords are all that stand between hackers and data/systems access at countless companies. It’s a good time to be a cybercriminal!
Fortunately, there are many ways that organizations can beef up their defenses against hackers. Following are five recommendations that will considerably strengthen your defenses, and most can be quickly implemented:
- Purge Unneeded Data Regularly: Today’s technology enables the storing of vast quantities of data. But many organizations retain data needlessly—and all of that data increases exposure in the event of a data breach, and might even make such companies more tempting targets for cybercriminals. Make it a policy to regularly purge sensitive customer information (credit card info, emails, social security numbers, etc.) from your system once it’s no longer needed on an ongoing basis.
- Train Employees: Hackers frequently exploit employees by probing for cracks in a company’s cyber-defenses—and with great success. And sometimes attacks originate from within. According to Vormetric’s 2015 Insider Threat Report, 89 percent of companies surveyed felt that they were vulnerable to insider threats. Though some internal threats are malicious in nature, many are simply the result of carelessness, negligence, or simple ignorance of the threats that exist. Educating employees to be alert to potential hacking attempts, and to follow best practices for security—avoiding simplistic passwords like ‘123456,’ for example—can go far in making your company more resilient.
- Stay Alert: Cyber-threats are constantly evolving, both in variety and sophistication. Keeping abreast of the latest threats will help to ensure that you don’t fall victim to them. Run your scans, and patch early and often. Tune your SIEM and all of your security tools. Following security experts on Twitter can be a great and instantaneous way to keep informed about the latest threats. Regularly attending security conferences such as DEF CON and BSidesLV can help to increase both your awareness of threats and your ability to respond to them effectively.
- Establish Organizational Security Policies: Formulate and enforce simple and clear guidelines that provide for maintaining a secure workplace environment. While most large companies already have such policies in place, many smaller organizations do not. If you need to construct an organizational security policy from scratch, there’s plenty of guidance available for tackling that chore. The National Institute of Standards and Technology, ISO27k, and SANS all offer a wealth of useful resources.
- Make Identity and Access Management a Security Cornerstone: As noted above, many organizations rely upon a simple username-and-password login for authorizing access to systems and data. Adding additional layers of protection can provide a huge leap in security without blowing budgets out of the water or reducing employee productivity. It’s critical to control both access to systems and the range of permissions granted to any given user. Many vendors offer multi-factor authentication and access management solutions that are budget-friendly and can be implemented quickly if you have your requirements defined.
It’s Not a Time for Ostrich-Style Attitudes
Many companies have experienced data breaches that range in severity from annoying headaches to brand-tarnishing disasters. But one thing is for certain: The cyber-bad-guys aren’t letting up; the rate of cyberattacks has snowballed in recent years. Security Magazine reports that occurrences of ransomware attacks, for instance, increased almost 300 percent in less than 24 months spanning from 2013 to 2015.
If the leaders of your organization are taking a head-in-sand approach to cybersecurity, it’s time to take action. But how, and where? It’s a simple truth that absolute, organization-wide security is just not attainable. A mindset of attempting to protect everything will likely lead to protecting nothing. So make it a priority to tighten security around the most important information assets: those that drive revenue.
After all, the seriousness of a security breach is not measured by the simple fact that a breach occurred. Instead, the potential damage of a breach is calculated by the value of the data that’s stolen—as Target and many other organizations have so very painfully learned.
For Colorado’s largest credit union, Ent Federal Credit Union, reputation matters—it’s vital for customers to have high levels of confidence in their service. Read more about Ent Federal Credit Union, and how Cherwell helped their IT department move from a reactive to strategic business partner, in this case study.