Your Customers Want Secure Access


Cybersecurity Is Vital to Your Retail Businesses

Five Reasons Why


Customer loyalty is paramount to the success of your retail business. How loyal will those customers be if you don’t keep their confidential credit card information private?

Equally important is access. Mobile retail sales are expected to reach $27 billion by 2016.[1] And this isn’t just the big online stores. For convenience, many customers use their mobile devices to make purchases via your brick and mortar stores’ websites. While you can’t control the prevalence of mobile malware on your customers’ devices, you can make sure your website, your customer data, and your Point of Sale (POS) devices are protected.

With so much data floating around, retailers are quickly becoming a favorite target of cybercriminals. In 2011, three of the Top 5 most expensive data breaches affected retailers’ customer information. As retailers who’ve been exposed know all too well, these are not victimless crimes. The Center for Strategic and International Studies estimates that cybercrime creates a $100 billion annual loss to the U.S. economy, and results in as many as 508,000 lost jobs.[2]

We’ve created this E-Book to outline just a handful of the many reasons cybersecurity is critical to your success.

[1] Forrester Research, How US Consumers Shop on Mobile Devices, May 13, 2013

[2] Imperva’s Web Application Attack Report, July 2012


Reason #1:

The Internet is growing and so are the threats.

The criminals go where the money is. Recent research warns that U.S. retailers are seeing twice as many SQL injection attacks as other industries.[3] SQL injection attacks are used to insert, modify, delete or view data in a database and to bypass security restrictions to gain access to sensitive data (e.g. to dump the database contents to the attacker’s command and control server). These cyberattacks work against applications written in popular programming languages, in almost any database application, and can be launched manually or by a robot. Cybercriminals are getting more sophisticated at evading detection, often hosting their malware command and control services in the same region as the infected machines.[4]

[3] The Economic Impact of Cybercrime and Cyber Espionage Report, Center for Strategic and International Studies, July 2013.

[4] Threatpost, “Malware C&C Servers Found in 184 Countries,” April 23, 2013

Sources: Economist Intelligence Unit; Ovum; Gartner; Euromonitor International; Organization for Economic Co-operation and Development (OECD); Magnaglobal; CCB; U.S. Bureau of Labor Statistics; U.S. Small Business Administration; PC; Forrester Research; H2; Fitch; World Economic Forum; BCG analysis.

Reason #2:

Cybercrime can hurt your reputation.

Loyal customers keep you in business. Even though return purchasers (i.e., those who have made one previous purchase) and repeat purchasers (makers of multiple previous purchases) accounted for only 8% of e-commerce site visitors, they generated a disproportionately high 41% of site sales. If you have a brick and mortar business, you need to keep the latest brands in stock so your customers will find what they want when they come into your store. But you also need to make sure that you provide your customers with a secure transactional experience and that the Point of Sale (POS) is not the point of attack for cybercriminals. There have been cases where the POS systems’ remote access software, which was designed to correct retailers’ problems off-site, actually acted as a vehicle to deliver malicious software that stole customers’ credit card information. Cyberprotection can’t stop at your office desktop computers. All your endpoints need protection.

[5] eMarketer report, “Customer Loyalty: Emotional Bonds Trump Monetary-Based Loyalty Programs,” March 2013

[6] Shopping Center Legal Update, “The New Wave of Cyber-Crime Facing Retailers,” Summer 2010


Reason #3:

Fixing the damage of a data breach is much more costly than cyberprotection.

According to the 2013 Verizon Data Breach Investigations Report, retailers’ unsecured POS systems have repeatedly exposed hundreds of thousands of victims, particularly in smaller organizations with limited IT resources. The same report indicates that 24% of the confirmed data breaches were found in retail businesses and restaurants, the second largest sector after financial organizations.[7]

Although it’s difficult to estimate the complex costs associated with repairing the damage of a cyberattack, we know the price tag of these breaches is on the rise with an average cost of $136 per compromised record in 2012.[8] The US spends $1.4 million annually on post-cyberattack responses, including help desk activities, inbound communications, special investigative activities, remediation activities, legal expenditures, product discounts, identity protection services, and regulatory interventions.

In fact, lost business costs for the year surpassed a staggering $3 million.[9]

As this Verizon Data Breach Investigations Report graph (and common sense) indicates, the price of cyberprotection is a small fraction of the cost of fixing the big-ticket damage a cyberattack can inflict on your balance sheet and your reputation.

[7] 2013 Verizon Data Breach Investigations Report

[8] 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute

[9] 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute


Reason #4:

Loss prevention isn’t just about shoplifters.

To cybercriminals, confidential financial data is more valuable than merchandise. When credit card information is stolen, the crime can just keep on going, particularly if it isn’t detected right away. Click on these stories of just a few recent retail cybercrimes to learn more.

In September 2012, cybercriminals stole customers’ credit card information from the keypads of POS systems at 63 Barnes and Noble stores across the country.

Two men were recently sentenced for their role in a $10 million conspiracy involving Subway restaurant POS devices. According to prosecutors, the group used stolen payment data from 146,000 cards over a two-year period to make unauthorized charges and transfer funds from the cardholders’ accounts.

Late last year, researchers discovered the so-called “Dexter” malware that infected POS systems worldwide, stealing data from tens of thousands of payment cards.

Conduct your own Google search for “Point of Sale data breaches” and you’re likely to find additional news stories, reinforcing the case for protecting all your organization’s endpoints, particularly your vulnerable POS systems.


Reason #5:

PCI-DSS compliance is serious business.

The Payment Card Information Data Security Standards (PCI-DSS) were developed “to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally.”[10] PCI-DSS compliance is governed by the PCI Security Council, which is made up of the five major credit card companies (American Express, Discover, JCB, Master Card, and Visa). The standards apply to any organization that stores, processes or transmits cardholder information.

So what exactly are these standards? Basically, the PCI-DSS are requirements that credit card information stays secure. Whether you process, store, or transmit that data, you are obligated to do whatever it takes to prevent credit payment information from getting into the wrong hands. As the merchant, you are ultimately responsible for the security of your customers’ credit payment information.

So what happens if you violate the PCI-DSS and expose your customer data? The credit card companies can fine your bank $5000 to $100,000 per month for PCI compliance violations, which they will likely pass down to you, the merchant. When this happens, the bank is also likely to either terminate your relationship or increase transaction fees. Needless to say, these penalties can be devastating to a small retailer.

[10] PCI Security Council, Payment Card Industry (PCI) Data Security Standard Requirements and


Kaspersky delivers a comprehensive security platform to help protect your business — whether you are looking to manage, protect and control all your endpoints (physical, mobile and virtual), secure your servers and gateways, or remotely manage your entire security environment.

Kaspersky Endpoint Security for Business boasts a comprehensive list of technologies from anti-malware, endpoint controls, encryption, mobile device management (MDM), to systems management including patch management and license inventories,

Kaspersky products are designed so that the administrator can view and manage the entire security landscape from one ‘single pane of glass’. They all work together seamlessly, supported by the cloud-based Kaspersky Security Network, to deliver world-class protection businesses need to combat ever more sophisticated and diverse cyber threats.

Built from the ground up, Kaspersky makes it easy for IT administrators to see, control and protect their world. Kaspersky’s security modules, tools and administration console are developed in-house. The result is stability, integrated policies, useful reporting and intuitive tools. Kaspersky Endpoint Security for Business is the industry’s only true integrated security platform.


Call Kaspersky today at 866-563-3099 or email us at corporatesales@kaspersky.com to learn more about Kaspersky Endpoint Security for Business. www.kaspersky.com/business

SEE IT. CONTROL IT. PROTECT IT. With Kaspersky, now you can.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users.* Throughout its 15-year history, Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for educators, consumers, SMBs and Enterprises. The company currently operates in almost 200 countries and territories across the globe, providing protection for more than 300 million users worldwide.

*Gartner, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, John Girard,
