Which Retailers Are Most Vulnerable to Data Breaches?
How Do Data Breaches Happen to Retailers?
The simple answer is that cyber criminals break into retailers' computers because retailers process lots of customer information, including credit card numbers, names, addresses, email addresses, phone numbers, and other information that's highly valuable to thieves.
Why do thieves want this data? As we've mentioned, cyber criminals can use it to commit fraud. By taking your customers' personal information, a criminal could sign up for a loan in a customer's name or make bogus purchases with their credit card information.
Cyber criminals know that retailers are sitting on stockpiles of data and so they attack, targeting your store's network, POS system, or e-commerce site.
Lurking in the Shadows of Retail
Each year, Verizon publishes a Data Breach Investigations Report that tracks how cyber criminals attack various industries. We won't overwhelm you with the technical details, but a quick look at the techniques cyber criminals use will help us see where your store is vulnerable and how attacks changed between 2013 and 2014.
Source: Verizon 2013 and 2014 DBIR
Here's a breakdown of the most common causes of retail data breaches:
- Point-of-sale intrusions. By breaking into your POS system, hackers can directly harvest your customers' private information and illegally download it.
- Crimeware. Crimeware is a name for the specific malware that has been designed to help criminals break into a network, find personal information, and steal it.
- Payment card skimmers. A skimmer is a physical device that's attached to your payment card terminal. These devices are sometimes laid over the card reader, so that your customers unknowingly swipe cards through them.
- Web app attacks. If your store has an online or mobile presence, cybercriminals can bully their way inside by breaking into your web apps.
- Insider misuse. Your own employees or contractors could install malicious software or download customer data in order to use it for fraud.
Interestingly, the attacks we saw in 2014 were a little different than in the previous year.
In 2013, 33 percent of breaches resulted from DDoS attacks, where criminals overload your servers with traffic in order to break in. The next year, criminals changed their targets and focused more on point-of-sale systems. What does this tell us? Every year, cyber criminals adapt their strategies when they find better techniques or when changes in technology make certain targets more vulnerable.
Cyber criminals regularly change their methods to take advantage of vulnerabilities.
Point-of-Sale System: Frequent Target for Cyber Criminals
While hackers adapt their strategies, they will always target your point-of-sale system because that's where your transactions occur. Small retailers might be especially susceptible to these attacks because they have less tech know-how and smaller IT budgets than their larger counterparts.
The Verizon report explains that cyber criminals actually attack small and large retailers differently. Here's how:
- Large retailers: Sophisticated attacks are used to break into computer systems, then malware worms its way onto their POS system.
- Small retailers: Cyber criminals usually don't have to work that hard. They can often guess the passwords on POS systems because small retailers sometimes keep the factory default settings or forget to update their software.
In other words, small retailers can shoot themselves in the foot by not taking basic precautions with their POS system. Remember: 90 percent of data breaches in the first half of 2014 were preventable. That's because a lot of us (retailers and others) are skipping simple steps that could keep hackers out.