Where have all the hackers gone?

Discussion
Jun 08, 2015

Through a special arrangement, what follows is an excerpt of an article from FierceRetail, an e-newsletter and website covering the latest retail technology news and analysis.

It’s been a while since the last major data breach. Have the hackers moved on from retail or is this a calm before another storm? Probably both and neither.

There are a limited number of really accomplished cybercriminals out there. And as retailers have tightened their technological defenses, these bad guys have moved on to easier and perhaps more lucrative pickings.

Has all the talk about tokenization, PCI DSS standards compliance, point-to-point encryption, EMV chip cards, Apple Pay, Bitcoin and better awareness of malware scared them off? Not likely. While going after softer targets, they are also no doubt preparing a new round of attacks.

For instance, a recent study said that as the transition to EMV chip cards gets established, the bad guys will turn their attention from in-store POS systems to card-not-present online transactions.

Or take this metaphorical example: Your house gets robbed, so you get a dog. The next time, that robber bypasses your house and breaks into a neighbor’s house where there is no dog. That neighbor gets a bigger and meaner dog than yours, and the cycle starts over.

Is there an end to this cybersecurity arms race? No, at least not in the foreseeable future. It’s the cost of staying in business in 2015.

Retailers will need all of the above-mentioned technologies, blended together by someone who knows what they are doing and what cybercriminals are up to. "Though tokenization and EMV have a place, there is no silver bullet. Retailers must consider and assess the security along all points in their processing," said Wolfgang Goerlich, a cybersecurity strategist at CBI.

Two deadlines on the horizon should help retailers set priorities.

The June 30 compliance deadline for five mandatory changes accompanying Payment Card Industry Data Security Standard version 3.0 is a response to the methods and tactics of card data thieves. Retailers who experience a data breach and haven’t met the requirements will face heavy fines.

The other is the fraud liability shift deadline for EMV chip cards in October. That is when lagging retailers or banks will assume liability for fraudulent card use depending on who is least prepared to accept the EMV chip cards. Whether it is fair or not, the deadline is a way to incent the industry to make the transition sooner rather than later.

That’s a start. Hopefully retailers will follow with other security measures and earn a mention on the list of those who haven’t been breached.

What do you believe has checked the rash of data breaches? Do you expect another round of breaches this holiday season? What steps and investments are retailers still failing to take to protect themselves?

Braintrust
"Holidays are the best and government is the focus for the HackWacks today. When you have lots of news on stuff, that is where the hacks go (according to the TRedd Theory of Hacking Report). We had tons of PR and news on retail before the hacks took place."
"Who’s to say they have been checked? It took the federal government six months to figure out it had been hacked, so it seems to me that hackers are getting more and more sophisticated by the nanosecond. Of course there will be more rounds of hacking — and not just at the holidays."
"Any CIO who thinks that the data breach threat has passed should turn in his or her building key. If anything, threat actors are more present than ever."

11 Comments on "Where have all the hackers gone?"


Max Goldberg
Guest
6 years 11 months ago

After the Home Depot and Target hacks retailers realized the need to get serious about data security not only to meet consumer expectations, but to stem the multi-million dollar costs of breaches. No matter what retailers do, hackers, whether they are domestic or foreign, will try to breach security measures. Retailers, and any big repositories of data, must be on constant alert, always implementing the latest security measures. To do any less is a disservice to consumers and their companies.

Tom Redd
Guest
6 years 11 months ago

Holidays are the best and government is the focus for the HackWacks today. When you have lots of news on stuff, that is where the hacks go (according to the TRedd Theory of Hacking Report). We had tons of PR and news on retail before the hacks took place. Now with Hillary and her server/cloud data storage issues the focus shifts to the government and hopefully Hillary’s server. Coming soon — sports and entertainment industry hacks. The HackWacks are moving in that direction.

 

Ryan Mathews
Guest
6 years 11 months ago

Who’s to say they have been checked?

It took the federal government six months to figure out it had been hacked, so it seems to me that hackers are getting more and more sophisticated by the nanosecond.

Of course there will be more rounds of hacking — and not just at the holidays. The reasons are simple: There are folks out there who like to solve problems, like how to get past any form of cybersecurity, and there is another group of folks out there that realizes that more and more of the world’s wealth lies relatively unprotected from cybercrime.

It’s an ongoing battle in what will no doubt become an eternal war. There isn’t much to do except to keep trying to stay one step ahead — or at least even — with the bad guys.

Ed Dunn
Guest
6 years 11 months ago

I would have to assume the hackers are waiting for the busiest and most active shopping season in fourth quarter instead of mid-year. Not sure if they are checked, especially with news of activation fraud among mobile wallets occurring since the beginning of this year.

Ralph Jacobson
Guest
6 years 11 months ago

I don’t believe there is ANY decrease in the number of hacks nor hack attempts. They are not all publicized, and many are getting thwarted with the use of new tools available. Bottom line, merchants and brands need to take security seriously and employ the tactics that are driving these hackers to “someone else’s sites.”

Gordon Arnold
Guest
6 years 11 months ago

There are limits to the value of information. As the personal information being stolen becomes more and more redundant there is less and less value applied to the newer batch of stolen files. Additionally, the consumer is taking steps to increase the security of their own information as a standalone effort. This too reduces the worth of the stolen data files. And a third reason for the evaporating worth of these data files is the poor maintenance performed on these files by the retailer. It is not uncommon for individuals to have several retail accounts in order to apply for promotional perks. And the purging of accounts for deceased members is virtually non-existent. Also there is the little matter of change in account status resulting from household and business losses from the economic slowdown and subsequent job and salary changes. So what’s a thief supposed to do with a mess like this making the goods increasingly worthless? Why not try government employee files? These people are all working, still alive and in good economic…

Cathy Hotka
Guest
6 years 11 months ago

Any CIO who thinks that the data breach threat has passed should turn in his or her building key. If anything, threat actors are more present than ever. Verizon’s security team believes that most major retailers have active penetrations right now.

The smart people I talk to at dinner events around the country either have implemented tokenization and end-to-end encryption or are planning to, in addition to other measures.

Paula Rosenblum
Guest
6 years 11 months ago

I don’t think there’s been much of a drop in the number of breaches. Maybe a drop in publicity, but not necessarily breaches themselves.

I do think that crooks are finding more interesting targets, like the government.

This will never be over. PCI has nothing to do with it.

Anne Howe
Guest
6 years 11 months ago

I just had to replace my Visa card last week. A careful review of my statements revealed three or four random charges that we could not identify. Hackers are not gone, they are just getting sneakier. It’s frustrating and makes me feel distrustful of doing more shopping with this card.

Camille P. Schuster, Ph.D.
Guest
6 years 11 months ago

Just because the federal government is getting breached instead of retailers does not mean there is a suspension of activity. The breaches look for easy targets and organizations keep putting up stiffer hurdles. I do not believe there is a decrease in activity and any organization that lets down its defenses is vulnerable.

Kenneth Leung
Guest
6 years 11 months ago

I think the attacks are always taking place, it is whether the retailers know there is a breach and how well they are actively defending it. As Xmas comes and transaction increases (as well as retailers do year end tech audit to make sure they are ready for the holiday) I think you will see more news coming out on breaches.

Take Our Instant Poll

Are retailers more or less vulnerable to face data breaches today than they were at the time of the Target data breach in 2013?
