Dive Brief:
- Despite several hacks targeting them and their customers, retailers haven’t done much to increase security, according to Mandiant, a division of cyber-security company FireEye.
- Business services and retailers were most often hit by cyber-thieves in 2014, and hacks at retailers have increased 10 percentage points in the last year, from 4% to 14%.
- Retailers have taken some steps to thwart breaches, but haven’t taken more sophisticated measures that are available to them and so they remain vulnerable, according to the report.
Dive Insight:
As this report notes, retailers are obvious targets for hackers because that’s where the money — and the credit card information — is. That’s never going to change, so for cyber-thieves to be thwarted, retailers’ security game must improve.
The report notes that it’s taking retailers a long time to detect a breach. (One business had malware in its system for eight years; the average was a brutally long 205 days.) Most breaches (69%) are still being detected by outside companies, like banks that detect fraudulent activity on cards.
Alarmingly, most breaches begin with hackers fooling the company, posing as its own IT officials to gain access — a cyber-security 101 problem. And chip and PIN is only marginally safer than the magnetic stripe prevalent now, the report says.
“Where money goes, criminals will follow,” Mandiant says in its report. “Retailers have always been in the crosshairs of financially motivated cyber criminals. We saw no change to this in 2014. While attackers used some new techniques and grabbed more headlines, their playbook remained largely consistent with what we have observed over the last few years.”