{"id":24579,"date":"2012-09-26T19:34:42","date_gmt":"2012-09-26T09:34:42","guid":{"rendered":"http:\/\/power-up.space\/?p=24579"},"modified":"2012-09-26T19:34:42","modified_gmt":"2012-09-26T09:34:42","slug":"avg-aunz-alerts-retailers-to-threats-of-online-crime","status":"publish","type":"post","link":"https:\/\/www.impulsegamer.com\/wordpress\/?p=24579","title":{"rendered":"AVG (AU\/NZ) alerts retailers to threats of online crime"},"content":{"rendered":"

MELBOURNE, 26 September 2012<\/strong> \u2014 Speaking at Retail Expo 2012 in Sydney yesterday, Michael McKinnon, Security Advisor at AVG (AU\/NZ), stressed to his audience of small to medium retailers the importance of taking responsibility for the online security of their businesses. He detailed the dangers for retailers in relying too heavily on their IT suppliers to deliver the necessary levels of security.<\/p>\n

In what would appear to be a counter intuitive statement, McKinnon said: \u201cIt is not the 5.3 percent of Australian retailers that provide online shopping services which have the greatest exposure to cybercrime, it is the remaining 95 percent of business owners in the sector whose eyes are still on the shop floor rather than the online world, who are most at risk of falling prey to cybercrime.<\/p>\n

\u201cRetailers with a sophisticated Internet presence tend to have more current ICT systems and security regimes in place, while the vast majority are largely unaware of and are unprepared for threats to their security,\u201d he said.<\/p>\n

Shop owners are being targeted because their businesses have high EFTPOS and credit card transaction volumes and detailed customer databases. Every piece of personal identification information and financial data can be used or sold by a hacker.<\/p>\n

McKinnon said: \u201cNot all cybercrime is coming from borderless networks of organised bad guys opportunistically scanning the Internet to find vulnerabilities. It is very easy to walk in and scope physical stores, see what equipment and systems are running, and exploit known weaknesses.\u201d<\/p>\n

By operating with unsecured wireless networks and weak password regimes, outlets are open to online attack. A criminal, sitting in close physical proximity to the shop, can simply hack into its system.<\/p>\n

The insidious nature of sophisticated malware is that it is designed to work undetected. The longer it can successfully infiltrate POS and other systems, the greater the value of the online heist \u2013 and in most cases a compromise won\u2019t be discovered for months2<\/sup>.<\/p>\n

McKinnon said: \u201cYour machines won\u2019t slow, nothing unwarranted will appear in your bank statements. You\u2019ll only find out you\u2019ve been a victim when customer fraud issues are traced back to you.\u201d<\/p>\n

The ramifications of a breach are in the loss of critical time, money and reputation. The costs involved in having to deal with the Australian Federal Police and banks to comply with investigations, as well as ICT contractors to clean systems and compile evidence, can be too high a price for some retailers to pay. And McKinnon says: \u201cAs the story spreads of you \u2018allowing\u2019 a hacker to fraudulently access customer financial information \u2013 particularly when you look at the immediacy and reach of social networking \u2013 the competitive retail market will often see customers changing to other, \u2018safer\u2019 suppliers.<\/p>\n

\u201cWhile a shoplifter can walk out the door with a single item of clothing, a cyber criminal can clean you out,\u201d he said.<\/p>\n

Retail operates on tight margins. While it may be tempting to cut corners when purchasing ICT equipment and commissioning external computing services, McKinnon advises: \u201cDon\u2019t scrimp. Get the best and the latest and use every available security measure.\u201d<\/p>\n

A clear indicator of the benefit of high level internal security can be seen in the statistic from Verizon\u00a0 that 92 percent of data breaches in smaller operators are notified by an external party, whereas in larger organisations only 49 percent find out the hard way, because they tend to control their own IT and security and can detect breaches earlier.<\/p>\n

Another issue for retail shop owners is staff turnover and the ability to keep security policies and implementation at a comprehensively high level.<\/p>\n

AVG (AU\/NZ) urges retailers to take greater interest in and responsibility for their online security. It is an area of their business that should only be outsourced with care. In a recent example, several retailers were breached when their IT supplier installed remote access technologies to service their systems but gave a hacker an open door by using the same password for every customer.<\/p>\n

Confidentiality of customer data is paramount so AVG (AU\/NZ)’s 5 Top Tips for Retailers are:<\/p>\n

    \n
  1. Check the credentials and \u00a0\u00a0\u00a0\u00a0 security regimes of any outsourced ICT resources.<\/li>\n
  2. Maintain the highest \u00a0\u00a0\u00a0\u00a0 security levels for Virtual Private Networks and your suppliers’ remote \u00a0\u00a0\u00a0\u00a0 access authorisations.<\/li>\n
  3. Create strong passwords and \u00a0\u00a0\u00a0\u00a0 strict authentications – hackers test for systems that use factory default \u00a0\u00a0\u00a0\u00a0 settings.<\/li>\n
  4. Secure all end points \u2013 \u00a0\u00a0\u00a0\u00a0 POS, PCs, mobile devices including smartphones, tablets and USB sticks.<\/li>\n
  5. Staff training must include \u00a0\u00a0\u00a0\u00a0 online security awareness, and specifically the issue of social \u00a0\u00a0\u00a0\u00a0 engineering where staff can be manipulated into divulging confidential \u00a0\u00a0\u00a0\u00a0 data or personal identification information.<\/li>\n<\/ol>\n

    Links<\/strong><\/p>\n

    1. NAB July 2012 Online Sales Index – http:\/\/www.nab.com.au\/wps\/wcm\/connect\/nab\/nab\/home\/Business_Solutions\/10\/25\/<\/a><\/p>\n

    2. Verizon 2012 Data Breach Investigations Report (DBIR) – www.verizonbusiness.com\/about\/events\/2012dbir\/<\/a> – page 50 \u2013 Initial Compromise to Discovery<\/p>\n

    3. Verizon 2012 Data Breach Investigations Report (DBIR) \u2013<\/p>\n

    www.verizonbusiness.com\/about\/events\/2012dbir\/<\/a> – page 51 \u2013 Breach Discovery Methods<\/p>\n

    Keep in touch with AVG (AU\/NZ)<\/strong><\/p>\n