In a speech to Retail Expo 2012 in Sydney, AVG Australia-New Zealand security advisor Michael McKinnon said it was not the 5.3 percent of Australian retailers providing online shopping services that had the greatest exposure to cybercrime.
Instead, McKinnon said it was the remaining 95 percent of business owners in the retail sector whose eyes were still “on the shop floor rather than the online world,” who were most at risk of falling prey to cybercrime.
“Retailers with a sophisticated Internet presence tend to have more current ICT systems and security regimes in place, while the vast majority are largely unaware of and are unprepared for threats to their security,” McKinnon cautioned.
AVG points out that not all cybercrime comes from borderless networks of organised bad guys opportunistically scanning the Internet to find vulnerabilities. It is also very easy to walk in and scope physical stores, see what equipment and systems are running, and exploit known weaknesses.
The security firm also stresses that, by operating with unsecured wireless networks and weak password regimes, retail outlets are open to online attack, with a criminal sitting in close physical proximity to the shop simply hacking into its system.
“The insidious nature of sophisticated malware is that it is designed to work undetected. The longer it can successfully infiltrate POS and other systems, the greater the value of the online heist – and in most cases a compromise won’t be discovered for months,” McKinnon said.
“Your machines won’t slow, nothing unwarranted will appear in your bank statements. You’ll only find out you’ve been a victim when customer fraud issues are traced back to you.”
The ramifications of a security breach, according to AVG, are the loss of critical time, money and reputation. The costs of dealing with the Australian Federal Police and banks to comply with investigations, and of engaging ICT contractors to clean systems and compile evidence, are potentially too high a price for some retailers to pay.
And McKinnon says: “As the story spreads of you ‘allowing’ a hacker to fraudulently access customer financial information – particularly when you look at the immediacy and reach of social networking – the competitive retail market will often see customers changing to other, ‘safer’ suppliers.
“While a shoplifter can walk out the door with a single item of clothing, a cyber criminal can clean you out.”
As AVG points out, retail operates on tight margins, and while it may be tempting to cut corners when purchasing ICT equipment and commissioning external computing services, McKinnon advises “don’t scrimp, get the best and the latest and use every available security measure.”
AVG advises retailers to take greater interest in and responsibility for their online security and says that it is an area of their business that should only be outsourced with care.
On the perils of outsourcing without taking proper care, McKinnon cites a recent example where several retailers were breached when their IT supplier installed remote access technologies to service their systems but gave a hacker an “open door by using the same password for every customer.”
So, if you’re a retailer in the SME sector, or any other business sector for that matter, here are AVG’s five top tips for retaining confidentiality of data and ensuring good security:
1. Check the credentials and security regimes of any outsourced ICT resources
2. Maintain the highest security levels for Virtual Private Networks and your suppliers' remote access authorisations
3. Create strong passwords and strict authentications - hackers test for systems that use factory default settings
4. Secure all end points – POS, PCs, mobile devices including smartphones, tablets and USB sticks
5. Staff training must include online security awareness, and specifically the issue of social engineering where staff can be manipulated into divulging confidential data or personal identification information.