Within the past few years, there have been a number of security incidents in which hackers were able to breach an organization's cloud services. Since more information is migrated to Web-based platforms nearly every day, when an event of this kind takes place, a growing amount of content is in danger of being stolen or compromised by cybercriminals.
Within the past few months, experts have noted a trend in which hackers are more often targeting retail and e-commerce organizations for these types of attacks. In fact, according to Security Week contributor Eduard Kovacs, the new 2014 Global Security Report found that the majority of all breaches that occurred last year impacted businesses in the e-commerce sector.
The study discovered that of the 691 breaches and security incidents from last year included in the report, about 54 percent affected e-commerce systems, including cloud platforms. An additional 33 percent involved point-of-sale attacks. Overall, incidents revolving around sensitive payment card data – including attacks on e-commerce cloud and POS systems – constitute the top type of breach today.
"In fact, experts believe that these two types of breaches will dominate the landscape in the upcoming years," Kovacs wrote.
All told, 35 percent of the breaches taking place last year impacted organizations in the retail sector. This includes the high-profile Target incident, which, considering the number of records compromised – 40 million payment cards and 70 million personal information records – makes these statistics less shocking. If this level of damage can come as a result of a single retail breach, it is not surprising that e-commerce systems were the most attacked technologies in 2013.
Changing environment means changing security measures
Adrienne Hall, Microsoft TechNet blog contributor and Trustworthy Computing general manager, noted that retail and e-commerce organizations have been utilizing more technology in recent years. As a result, these groups must adjust their security measures to match up with the new innovations within their systems.
For example, alongside the rising level of cloud adoption in the retail and e-commerce industries is the increasing use of technology for supply chain and customer relationship management, not to mention more Web services and self-service portals for employees.
At the same time, Hall noted that the cloud can help reduce some of the risks involved with more technological advancements, especially with the help of a trusted cloud service provider.
"Adopting cloud computing can help retailers mitigate the risk of data breaches," Hall wrote. "Qualified CSPs will typically offer tested disaster recovery and incident response programs, which can help ensure that breaches are managed effectively and quickly."
A need for improved security and preparedness plans
While the risk of breaches is no secret in the retail and e-commerce sectors, recent research shows that many organizations are not prepared to deal with such incidents. The Microsoft Cloud Security Readiness Tool survey found that 51 percent of retail organizations do not currently have a plan in place that governs how they respond to a data breach.
This means that, in the event that hacker activity is discovered within the company's network, these organizations have no prearranged plan for how to react to the attack initially, or how to take care of it in the long run.
Even more concerning are the other findings attached to the survey. According to Hall, the study also discovered that 32 percent of retailers in today's environment are not effective in their access control management, and 31 percent do not have established levels in place for accessing sensitive material. This creates even more risk for data, as a lack of robust security measures increases the likelihood of unauthorized access, compromise or theft.
How e-commerce firms can bolster security
CloudWays contributor Mehdi KaramAli noted that there are a number of ways that e-commerce and retail businesses can improve their data security, beginning with compliance with the Payment Card Industry Data Security Standard.
"Security breaches at an e-commerce website [do] not just cost both the brand and the buyer financially, but also affect the overall trust of the consumer," KaramAli pointed out. "For this reason, in late 2004, leading credit card companies devised a set of rules and named them PCI DSS."
Whenever organizations add or change their security protocols, administrators need to ensure the company's continued compliance with these guidelines, because if an incident occurs and the organization is found to be noncompliant, it can face steep consequences.
Decision-makers should also implement access controls to ensure that only those with the proper authentication credentials can open, make changes to or transmit sensitive content. KaramAli suggested utilizing two-factor authentication, which involves not only a traditional username and password, but also a single-use code sent to the user's mobile device.
Retailers and e-commerce firms should also leverage encryption to better safeguard any and all sensitive data. The majority of e-commerce websites utilize an SSL certificate to encrypt and decrypt information being transmitted over the Internet to protect customers' payment details and other content.