Your Customers Want Secure Access

Transcription

1 FIVE REASONS WHY Cybersecurity IS VITAL to Your retail Businesses

2 Your Customers Want Secure Access Customer loyalty is paramount to the success of your retail business. How loyal will those customers be if you don t keep their confidential credit card information private? Equally important is access. Mobile retail sales are expected to reach $27 billion by And this isn t just the big online stores. For convenience, many customers use their mobile devices to make purchases via your brick and mortar stores websites. While you can t control the prevalence of mobile malware on your customers devices, you can make sure your website, your customer data, and your Point of Sale (POS) devices are protected. With so much data floating around, retailers are quickly becoming a favorite target of cybercriminals. In 2011, three of the Top 5 most expensive data breaches affected retailers customer information. As retailers who ve been exposed know all too well, these are not victimless crimes. The Center for Strategic and International Studies estimates that cybercrime creates a $100 billion annual loss to the U.S. economy, and results in as many as 508,000 lost jobs. 2 We ve created this E-Book to outline just a handful of the many reasons cybersecurity is critical to your success. 1 Forrester Research, How US Consumers Shop on Mobile Devices, May 13, Imperva s Web Application Attack Report, July 2012

3 Reason #1: The Internet is growing and so are the threats. The criminals go where the money is. Recent research warns that U.S. retailers are seeing twice as many SQL injection attacks as other industries. 3 SQL injection attacks are used to insert, modify, delete or view data in a database and bypass security restrictions to gain access to sensitive data (e.g. to dump the database contents to the attacker Command and Control server). These cyberattacks use popular programming languages in almost any database application and can be launched manually or by a robot. Cybercriminals are getting more sophisticated to evade detection, often hosting their malware command and control services from the same region as the infected machines. 4 Sources: Economist Intelligence Unit; Ovum; Gartner; Euromonitor International; Organization for Economic Co-operation and Development (OECD); Magnaglobal; CCB; U.S. Bureau of Labor Statistics; U.S. Small Business Administration; PC; Forrester Research; H2; Fitch; World Economic Forum; BCG analysis. 3 The Economic Impact of Cybercrime and Cyber Espionage Report, Center for Strategic and International Studies, July Threatpost, Malware C&C Servers Found in 184 Countries, April 23, 2013

4 Reason #2: Cybercrime can hurt your reputation. Loyal customers keep you in business. Even though return purchasers (i.e., those who have made one previous purchase) and repeat purchasers (makers of multiple previous purchases) accounted for only 8% of e-commerce site visitors, they generated a disproportionately high 41% of site sales. If you have a brick and mortar business, you need to keep the latest brands in stock so your customers will find what they want when they come into your store. But you also need to make sure that you provide your customers with a secure transactional experience and that the Point of Sale (POS) is not the point of attack for cybercriminals. There have been cases where the POS systems remote access software that was designed to correct retailers problems off-site, actually acted as a vehicle to deliver malicious software that stole customers credit card information. Cyberprotection can t stop at your office desktop computers. All your endpoints need protection. 5 emarketer report, Customer Loyalty: Emotional Bonds Trump Monetary-Based Loyalty Programs, March Shopping Center Legal Update, The New Wave of Cyber-Crime Facing Retailers, Summer 2010

5 Reason #3: Fixing the damage of a data breach is much more costly than cyberprotection. According to the 2013 Verizon Data Breach Investigations Report, retailers unsecured POS systems have repeatedly exposed hundreds of thousands of victims, particularly in smaller organizations with limited IT resources. The same report indicates that 24% of the confirmed data breaches were found in retail businesses and restaurants, the second largest sector after financial organizations. 7 In fact, lost business costs for the year surpassed a staggering $3 million. 9 As this Verizon Data Breach Investigations Report graph (and common sense) indicates, the price of cyberprotection is a small fraction of the cost of fixing the big-ticket damage a cyberattack can inflict on your balance sheet and your reputation. Cost of recommended preventive measures by percent of breaches Although it s difficult to estimate the complex costs associated with repairing the damage of a cyberattack, we know the price tag of these breaches is on the rise with an average cost of $136 per compromised record in The US spends $1.4 million annually on post-cyberattack responses, including help desk activities, inbound communications, special investigative activities, remediation activities, legal expenditures, product discounts, identity protection services, and regulatory interventions Verizon Data Breach Investigations Report Cost of Data Breach Study: Global Analysis, Ponemon Institute Cost of Data Breach Study: Global Analysis, Ponemon Institute

6 Reason #4: Loss prevention isn t just about shoplifters. To cybercriminals, confidential financial data is more valuable than merchandise. When credit card information is stolen, the crime can just keep on going, particularly if it isn t detected right away. Click on these stories of just a few recent retail cybercrimes to learn more. Conduct your own Google search for Point of Sale data breaches and you re likely to find additional news stories, reinforcing the case for protecting all your organization s endpoints, particularly your vulnerable POS systems. In September 2012, cybercriminals stole customers credit card information from the keypads of POS systems at 63 Barnes and Noble stores across the country. Two men were recently sentenced for their role in a $10 million dollar conspiracy involving Subway restaurant POS devices. According to prosecutors, the group used stolen payment data from 146,000 cards over a two-year period to make unauthorized charges and transfer funds from the cardholders account. Late last year, researchers discovered the so-called Dexter malware that infected POS systems worldwide, stealing data from tens of thousands of payment cards.

7 Reason #5: PCI-DSS compliance is serious business. The Payment Card Information Data Security Standards (PCI- DSS) were developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. 10 PCI-DSS compliance is governed by the PCI Security Council which is made up of the five major credit card companies (American Express, Discover, JCB, Master Card, and Visa). The standards apply to any organization that stores, processes or transmits cardholder information. So what happens if you violate the PCI-DSS and expose your customer data? The credit card companies can fine your bank $5000 to $100,000 per month for PCI compliance violations, which they will likely pass down to you, the merchant. When this happens, the bank is also likely to either terminate your relationship or increase transaction fees. Needless to say, these penalties can be devastating to a small retailer. So what exactly are these standards? Basically, the PCI-DSS are requirements that credit card information stays secure. Whether you process, store, or transmit that data, you are obligated to do whatever it takes to prevent credit payment information from getting into the wrong hands. As the merchant, you are ultimately responsible for the security of your customers credit payment information. 10 PCI Security Council, Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures, Version 2.0, October 2010

8 An Integrated Security Solution Kaspersky delivers a comprehensive security platform to help protect your business whether you are looking to manage, protect and control all your endpoints (physical, mobile and virtual), secure your servers and gateways, or remotely manage your entire security environment. Kaspersky Endpoint Security for Business boasts a comprehensive list of technologies from anti-malware, endpoint controls, encryption, mobile device management (MDM), to systems management including patch management and license inventories, Built from the ground up, Kaspersky makes it easy for IT administrators to see, control and protect their world. Kaspersky s security modules, tools and administration console are developed in-house. The result is stability, integrated policies, useful reporting and intuitive tools. Kaspersky Endpoint Security for Business is the industry s only true integrated security platform. Kaspersky products are designed so that the administrator can view and manage the entire security landscape from one single pane of glass. They all work together seamlessly, supported by the cloud-based Kaspersky Security Network, to deliver world-class protection businesses need to combat ever more sophisticated and diverse cyber threats.

9 About Kaspersky Lab Kaspersky Lab is the world s largest privately held vendor of endpoint protection solutions. The company is ranked among the world s top four vendors of security solutions for endpoint users. * Throughout its 15-year history, Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for educators, consumers, SMBs and Enterprises. The company currently operates in almost 200 countries and territories across the globe, providing protection for more than 300 million users worldwide. Call Kaspersky today at or us at corporatesales@kaspersky.com, to learn more about Kaspersky Endpoint Security for Business. SEE IT. CONTROL IT. PROTECT IT. With Kaspersky, now you can. * Gartner, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, John Girard, Neil MacDonald, January 2, 2013.