Last few days of 2013 were a nightmare for the retail giant Target. Here are a few updates on the same:-
(a) Target plans to lead the US retailers to embrace the European "Chip-and-PIN" credit card payment processing. This will be costly and will take time.
(b) A RAM scraper, memory-parsing malware grabbed TargetÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£├®Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö¼ÔòæÔö£├ÂÔö£├éÔö¼├║├ö├Â┬ú├ö├▓├╣s plain text data [being called the blackPOS]. VISA Inc. had alerted retailers in April and August 2013 about presence of such malware in the wild.
(c) Target acknowledged its attack after a security blogger reported the breach.
(d) Target also has $100Mn as insurance cover. NEWS Article available here
VerizonÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£├®Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö¼ÔòæÔö£├ÂÔö£├éÔö¼├║├ö├Â┬ú├ö├▓├╣s 2013 Data Breach investigation Report available here has summarized 2013 breaches as:-
├ö├Â┬úÔö£├é├ö├Â┬úÔö£├®├ö├Â┬╝├ö├▓├ÿÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£┬║ 24% of breaches are in retail
├ö├Â┬úÔö£├é├ö├Â┬úÔö£├®├ö├Â┬╝├ö├▓├ÿÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£┬║ 37% of breaches affect financial organizations.
├ö├Â┬úÔö£├é├ö├Â┬úÔö£├®├ö├Â┬╝├ö├▓├ÿÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£┬║ 38% of breaches impact larger organizations.
├ö├Â┬úÔö£├é├ö├Â┬úÔö£├®├ö├Â┬╝├ö├▓├ÿÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£┬║ most breaches are detected weeks/months later and
├ö├Â┬úÔö£├é├ö├Â┬úÔö£├®├ö├Â┬╝├ö├▓├ÿÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£┬║ 52% of breaches are detected by unrelated parties.
The report also highlights Cyber crimes, digital risk management and privacy protection as significant capital expenses in 2014 for the Retail industry AND the Financial Service industry. It also indicates that the RAM scrapers and network/system utilities (Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£├®Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö¼ÔòæÔö£├ÂÔö£├éÔö¼ÔòØ├ö├Â┬ú├ö├▓├ªAdminwareÔö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö£├®Ôö£├ÂÔö£├éÔö¼├║├ö├Â┬úÔö¼ÔòæÔö£├ÂÔö£├éÔö¼├║├ö├Â┬ú├ö├Â├ë) as a significant contributor to financial crime.