We recently reported about the rise in cost of recovering from data breaches in 2014. Now a new report from IBM security points out that cyber attackers geared most of their attacks towards the retail sector. In the process, they managed to steal 61 million customer records from retailers. The report also reveals a 43 percent rise in records reported compromised in 2014 compared to 2013.
Cyber thieves have managed to inflict greater damage while using fewer attacks to fulfill their aims. During two weeks 24 November – 5 December, around the biggest shopping day of last year, Cyber Monday, and Black Friday, the report revealed that the retail and wholesale sector was the top target for cyber criminals in 2014. As a result, a potential wave of attacks were conducted on high-profile retail brand names, leading to a long list of casualties.
What’s intriguing is that holiday-specific attacks went down and the overall data breach incidents went up. Between 2014 and 2012, the number of reported breaches during the two weeks reduced by more than 50 percent. The daily number of attacks was 3,034, which is 1/3 less than the 4,200 average over the same period in 2013.
This report doesn’t include many breaches that occurred near the end of last year. Attacks in which 10 million records were breached accounted for 43 percent more records than 2013. This implies that taking out outliers such as breaches at Home Depot and the Target from 2013 and 2014, respectively, hackers have gotten efficient.
The report also offers a recap of high profile data breaches and the number of customer records stolen: Home Depot 2014 (56 million), Target Corporation 2013 (70 million); Sony, PSN (PlayStation Network), SOE (Sony Online Entertainment) 2011 (12 million); The Valve Corporation (Steam) 2011 (35 million); & TJX Companies Inc 2007 (100 million).
“It’s not likely that we’ll see a significant fall-off of fraud efforts even with the positive holiday season statistics. Credit cards have been around for decades.”
“They allow us to purchase items without having to carry large sums of cash. A small piece of plastic that offers so much convenience. Criminals target that convenience in many ways.”
The findings show that credit card theft has evolved from physical theft of the card and falsifying credit card applications to advanced forms of digital theft. For example, new threat strategies enable hackers to spoof a retailer’s website. They may also conduct spam campaigns to lure victims into clicking links that appear to be from a legitimate firm. Lastly, there are breaches around POS malware, responsible for most retail hacks.
“POS systems are being compromised by several different types of malware, the malware specifically intercepts the credit cards’ track 1 or track 2 data which is stored on the magnetic stripe. Criminals then re-encode the track data onto counterfeit cards.”
What can retailers do this year?
The report indicates that hackers are using sophisticated techniques to conduct attacks. Retailers can mitigate customer record compromise by considering options such as Massive Strixus Global to implement strategies that safeguard their POS systems and internal systems to protect the integrity of customer information.
Additionally, merchants can use threat intelligence feeds that alert them of payment card breaches, and alert the retailer about the data attacked when a breach takes place. Intelligence feeds can significantly mitigate the damage, and enable retailers to respond before a hacker gets his hand on customer records.