Target Breach Highlights Vulnerabilities in Retail Today

While Black Friday (News - Alert), Small Business Saturday and Cyber Monday are behind us, their impacts are not – especially for 40 million credit and debit card holders who decided to shop at Target (News - Alert) between Nov. 27 and Dec. 15. The retailer is investigating a data breach that compromised millions of accounts in stores – not online – for customer names, credit or debit card numbers, expiration dates and CVV security codes.

The company released a statement on its website confirming the unauthorized access, saying it is working with a third-party forensics firm to conduct a thorough investigation of the incident and look into how it can prevent similar incidents in the future.

“We continue to invest in our security practices to protect our guests’ information including the retention of a leading third party forensics firm to conduct a thorough investigation of this incident. We apologize for any inconvenience this has caused our guests,” Target said.

Unfortunately, Target is not alone in experiencing data breaches. I recently spoke with Kevin Ptak, global communications manager at Mako Networks, to discuss the company’s partnership with Sprint (News - Alert) and providing Payment Card Industry (PCI)-complaint solutions in retail. In our conversation, he explained that retail is one of the top targets for cybercriminals, because their networks are vulnerable and the data they manage offers immediate financial benefit for criminals.

TrustWave, an information security and compliance company, releases an annual global security report, which analyzes the results of hundreds of incident response investigations, thousands of penetration tests, millions of website and Web application attacks and tens of billions of events. The 2013 Global Security Report found that the primary targets of cybercriminals in 2012 were retail (45 percent), food and beverage (24 percent) and hospitality (9 percent), because these industries manage a huge volume of payment cards and the main focus of organizations in these industries is on customer service, not data security.

“In practically all of the 2012 investigations, this statement was made in just about every case: ‘Why me?’ The answer can only be ‘Because, you have something worth taking that is not protected,’” the report said.

The report also explained that retail is among the top compromised industries because security often becomes an afterthought until a breach is identified. Retail organizations also typically outsource IT support and are often unaware of security best practices or compliance mandates. In a world where everything is becoming connected and moving toward the Internet of Things, security needs to be a top priority for everyone, not just governments, financial institutions or large enterprises.

Machine to machine (M2M) and next-generation technology can help retailers prevent data breaches like Target’s. PCI (News - Alert)-compliant solutions ensure a baseline of security and help reduce the risk of credit card fraud. Mako Networks, for example, simplifies PCI DSS compliance for businesses and integrates with a qualified security assessor (QSA) bundle from an independent company certified by the PCI Security Standards Council. It was the first network management company in the world to be PCI DSS-certified.