Published on the 26/05/2015 | Written by Beverley Head
Insecure point of sale systems and high staff turnover are rendering A/NZ retailers vulnerable to cyber attack…
Australian and New Zealand retailers have been warned that they face a risk of having their information systems hacked and customer credit card details exposed because of lax security and a lack of proper information systems governance.
Dell Software managing director Ian Hodge said that many retailers were installing point of sale systems without proper security, meaning that credit card information could be vulnerable to attack.
Dell’s most recent threat report, based on analysis of traffic going through Dell’s network security monitoring systems, revealed a surge in the number of POS-focused attacks compared to previous years. It also noted that the organisation had installed 333 percent more POS security remedies than in previous years.
Until security was installed in a retailer’s POS network so that suspicious transactions or activity could be easily identified and corralled, POS systems needed to be segmented and held apart from the rest of a retailer’s computer network to ensure that data such as credit card details could not be easily siphoned off, according to Hodge.
While POS systems had become a significant threat vector, retailers also needed to be mindful of how their staff could – either willfully or accidentally – become an information security risk.
Retailers’ generally high staff turnover “is so rapid that they keep getting conned,” said Simon Ractliffe, general manager of Dell subsidiary SecureWorks.
Hodge said that, because of high staff churn, retailers needed to ensure that their onboarding process for new staff covered computer security. Retailers also needed to be vigilant about routine systems protection measures, such as regularly updating software so that it was properly patched against vulnerabilities – although he acknowledged this could be a challenge for smaller retailers where no one staff member might be accountable for information systems governance.
He said that while attacks on large retailers such as Target and Home Depot made the news in 2014, it was smaller retailers that were in fact more vulnerable, and that “the threat is almost unmanageable in some cases,” especially as the retail sector’s approach to security investment tended to focus on compliance rather than prevention.
But like the anecdote featuring two hikers and a hungry bear, Ractliffe said that retailers should not feel that they had to make themselves completely secure – they only had to make themselves more secure than rivals, as there was still a competitive advantage to be wrung from being more secure than other operators in the sector.