BreachExchange mailing list archives

A single solution for retail breaches?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 3 Jun 2014 18:56:55 -0600

http://www.scmagazine.com/a-single-solution-for-retail-breaches/article/346370/

In the wake of recent headline-grabbing breaches at retail chains,
arguments quickly arose regarding what could be done in terms of
prevention. Compliance, technology and regulations seem to be the
overarching topics. However, could there be an overarching solution?

There's no denying the finger-pointing that has come about following these
events. The blame game is mostly tied to the costs associated with
breaches. Right now, fraud losses and other post-breach expenses are
primarily covered by banks.

However, the retailer also has costs associated with supplying its
customers with credit monitoring, as well as its brand reputation being
affected. According to a study conducted by Javelin Strategy & Research
(commissioned by security firm Identity Finder), of the 5,634 surveyed
respondents, 33 percent indicated that they would avoid further business
with a retailer following a breach.

Nonetheless, the discussion surrounding who should foot the bill, while
meaningful and hotly debated, doesn't solve the overarching problem.

Many have argued in favor of legislation that will put pressure on
retailers to step up their security game. Randy Marchany, CSO at Virginia
Tech University, says that while he prefers that the government wouldn't
get involved, the retail industry isn't doing enough to prove them
otherwise.

“I wish it wasn't necessary for the feds to get involved but I don't see
the industry acting in a manner to prevent that,” says Marchany. “I think
the feds will enact legislation.”

But could such a complex issue involving technology be solved by
legislation? Jeremiah Grossman, CEO at WhiteHat Security, doesn't believe
so. He says that with any security problem, it's all about who's in the
best position to effect change. In this case, he thinks it's all about the
card brands and payment card system, which has been in place since the 70s.

“They could effect change but they're incentivized against it because…it
makes them a lot of money,” Grossman says. “The system is perpetually
broken. We have to disrupt it and change the way we think about the problem
and do business. Look how the bad guys transact now, they [do it] in
Bitcoin. They already figured it out.”

Cyber criminals are still working to crack a dated system. The question is:
Can all entities involved with this problem work together to ultimately
produce a solution that will finally put security ahead of the game?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
