In 2012, the retail industry made up 45% of data breach investigations. This is the highest percentage in retail history, and a 15% increase over 2011. While many business owners may feel that their business is too small to be concerned about a data breach, according to Visa's estimates 95% of credit card data breaches involve small business customers. Cayan has developed this infographic to help business owners better understand the most common points of entry for point of sale attacks, as well as some ways to better protect your business and your customers.
In 2012, 45 percent of data breach investigations focused on the retail market. This is the highest percentage ever recorded and represents a 15 percent spike over the previous year. E-commerce businesses were the target for 48 percent of the reported attacks, and businesses in 29 nations were directly affected. On average, it took 210 days for businesses to discover a data breach, and 64 percent of businesses under attack remained unaware of an intrusion for 90 days or more.
Owners of small businesses may not believe their firms to be at risk, but research from Visa proves otherwise. It reveals that an astonishing 95 percent of data breaches in credit card processing involve customer purchases from small businesses. In response to this rapidly growing problem, Cayan has compiled a fact sheet identifying common vulnerabilities to point of sale attacks and offering strategies for improving protections.
Businesses at Risk
Of all business data breaches in 2010 involving credit card transactions, 63 percent occurred in firms with fewer than 100 employees. Hackers can infiltrate a number of small businesses in the same amount of time it takes to break into one large corporation.
In fact, hackers in general prefer targeting small businesses for a number of reasons:
- Few, if any, tech experts are on-site
- Fewer basic security measures are in place
- Unsecured small business networks allow easy access to nearby hackers
- Passwords are likely to be easy to guess
- Employees may agree to work with data crime rings for extra cash
Lack of Technical Expertise
Many smaller businesses do not have the budget to employ tech experts trained in identifying cyber attacks. This makes it easier for experienced hackers to breach their payment processing system undetected. By the time someone notices a revenue drain, the hackers may have already moved on to their next victim.
Lack of Basic Security Measures
Businesses may lack the resources to investigate and install security software. One popular hacking tool, KeyLlama, is a keystroke logger that allows hackers to track all data entered into the firm’s computer system. KeyLlama can save up to 4 megabytes of purloined data, and it is virtually undetectable without appropriate security software.
Unsecured Networks Invite Malware
Unsecured networks with little or no encryption may as well roll out the welcome mat for hackers who target smaller firms. They can upload malware or viruses into the system without having to bypass any network security. Nothing could be easier.
The Importance of Strong Passwords
Roughly 50 percent of businesses use easy-to-guess passwords such as “Password1.” Hackers are likely to try the most common passwords first when launching an attack because they often work.
Inside Help for Hackers
An incredible 60 percent of failed businesses fell victim to internal theft. Data crime rings recruit the help of employees to obtain critical data. Employees can introduce malware via attachments or links in their interoffice emails. One survey shows that more than 34 percent of employees aged 18 to 29 believe that stealing from an employer is justifiable.
Smart Strategies from Cayan for Reducing Risk
- Restrict direct Internet access with a central access control device
- Ban unauthorized devices
- Change default or easily guessed passwords
- Isolate data storage systems from the network at large
- Discontinue storage of unneeded card data
Business owners should take further measures to protect their valuable data and their customers’ payment information from predatory attacks. Scheduling professional security training sessions on a regular basis is an effective way to ensure employees are security savvy.
Keeping an updated inventory of all valid Wi-Fi devices aids in the quick identification of unauthorized hardware. Also, retailers should take a proactive approach to protecting sensitive data by enhancing their network security software. An ASV device can help eliminate vulnerable spots in the company network.
Small businesses can combine network activity logs with physical logs to quickly identify and investigate suspicious events. Also, by visualizing daily routines, businesses can raise their awareness of unexplained events that indicate security breaches.
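One way to combine the two kinds of log described above, shown as an added example that is not part of Cayan's material: it flags network activity recorded while the premises were locked. The log formats, host names, user names and addresses are constructed for illustration, and an alarm-panel ARM/DISARM record is assumed as the physical log.

```python
from datetime import datetime

# Constructed sample data (not from the original page); formats are assumptions.
PHYSICAL_LOG = """\
2024-03-04T08:55:00 DISARM alice
2024-03-04T21:05:00 ARM alice
2024-03-05T08:58:00 DISARM bob
2024-03-05T21:02:00 ARM bob
"""

NETWORK_LOG = """\
2024-03-04T14:12:00 pos-01 admin-login user=alice
2024-03-05T02:41:00 backoffice-pc admin-login user=alice
2024-03-05T02:44:00 backoffice-pc outbound dst=203.0.113.50:443
2024-03-05T10:30:00 pos-02 admin-login user=bob
"""


def occupied_intervals(physical_log):
    """Turn DISARM/ARM alarm-panel events into (open, close) intervals."""
    intervals, opened = [], None
    for line in physical_log.splitlines():
        ts, action, _who = line.split()
        when = datetime.fromisoformat(ts)
        if action == "DISARM" and opened is None:
            opened = when
        elif action == "ARM" and opened is not None:
            intervals.append((opened, when))
            opened = None
    if opened is not None:  # still disarmed when the log ends
        intervals.append((opened, datetime.max))
    return intervals


def after_hours_events(network_log, intervals):
    """Return network events that occurred while the premises were armed."""
    flagged = []
    for line in network_log.splitlines():
        ts, host, detail = line.split(maxsplit=2)
        when = datetime.fromisoformat(ts)
        if not any(start <= when <= end for start, end in intervals):
            flagged.append((ts, host, detail))
    return flagged


if __name__ == "__main__":
    for ts, host, detail in after_hours_events(NETWORK_LOG, occupied_intervals(PHYSICAL_LOG)):
        print(f"REVIEW {ts} {host}: {detail}")
```

Each flagged line is a starting point for investigation, not proof of a breach; scheduled jobs such as overnight backups would need to be excluded in practice.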