[BreachExchange] What Current Events Can Teach Businesses About Security

Destry Winant destry at riskbasedsecurity.com
Tue Nov 27 10:53:00 EST 2018


http://virtual-strategy.com/2018/11/26/what-current-events-can-teach-businesses-about-security/

Current events can teach us a great deal about the need for security
and issues related to security breaches. It doesn’t matter if yours is
a brick and mortar shop, an ecommerce business, a combination of both,
or a nonprofit organization, breaches in security can lead to issues
like credit card fraud, shoplifting concerns, and sensitive data
distribution. These issues, in turn, cause an accumulation of company
or personal debt, as well as other disastrous results for you and your
consumers.

What are some things that current events can teach businesses about
security? Here we have gathered some important information that
businesses can learn from recent events.

No business, no matter how large or small, is immune to the
possibility of a card data breach.

In September 2018, Newegg announced that malicious code had been
active within their servers for over a month, allowing hackers access
to sensitive credit card information. The code siphoned off data from
unsuspecting customers to a server controlled by hackers with a
similar domain name designed to avoid protection. Newegg is one of the
largest retailers in the US, operating as a computer hardware and
software company that sells games, electronics, accessories, DVDs,
appliances, and peripherals. The code worked on both desktop and
mobile customers, meaning that the more than 45 million monthly unique
visitors to the site were put at risk.

While we know that large organizations like Target and Panera, which were
also victims of credit card data breaches, can suffer from the actions
of hackers attacking their systems, it’s important to understand that
being small doesn’t make you immune. In fact, smaller merchants are
often the more likely targets because they may be unable to spend the
money for sophisticated encryption software or security devices, and
may choose to use solutions that don’t do enough to reduce their PCI
scope. Without the means to utilize IT professionals on site,
sometimes the solutions they choose are also used incorrectly or
inadequately.

Businesses that don’t spend money on security may end up spending it
in other ways.

In the case of data breaches, Target’s financial statement revealed
that the 2013 breach cost $252 million in total. Likewise, Yahoo ended
up paying more than $50 million in damages for their security breaches
from 2013 and 2014. Costs are incurred from settling lawsuits filed by
banks, card companies, and consumers, as well as dealing with the
replacement of consumer credit cards. Businesses that suffer such
breaches also have to restore their victims completely, meaning that a
small business may find itself in bankruptcy dealing with the fallout
from just one situation. Fees and fines, in addition to paying for
litigation counsel and forensic auditing, mean that a business will
spend a great deal in both time and money to recover from a security
breach.

Businesses end up suffering from broken trust and reputation.

Perhaps more than money, businesses that are victimized can suffer
long-term from a damaged reputation and broken trust with consumers.
In business, your brand means everything and a positive reputation
that was built over years can be dismantled in a minute. Since
negative press and inauthentic followers can create situations from
which your business may not recover, it’s important to protect
yourself and your business as much as possible and use reputable
sources like Social Gone Viral to build your brand.

Businesses can do more to protect themselves.

Problems that are largely caused by human error in data security
breaches may be corrected by artificial intelligence protocols,
leading to an improved system that can help prevent them in the
future. Code, which may be open to vulnerabilities during development
and production, can be double-checked by AI. Artificial intelligence,
too, in the form of facial recognition software can help prevent
retail crime in both brick and mortar businesses and ecommerce. Security
professionals can instantly identify both casual and organized retail
criminals when they enter an, leading to improved security protocols
and decreased loss over time. Images of consumers entering your
business can be captured and compared to large databases of known
criminals so that loss prevention professionals can be alerted when a
shopper who presents a threat comes to the store.

Facial recognition can also validate the identities of online
consumers and facilitate secure transactions for ecommerce businesses.
ATM/debit cards are completely mainstream in business transactions,
but face recognition software can be utilized to ensure that
individuals using cards are who they say they are. It is likely that
credit card companies will replace the credit and debit card with a
selfie or a fingerprint sensor, increasing the level of prevention
against fraud and identity theft and keeping card data secure by not
requiring it to be put on the web.

What are some things you think businesses should understand about
security? Feel free to share here.

