BreachExchange mailing list archives

48% of eCommerce Sites Lose Financial Data to Cyber Criminals


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 17 Sep 2014 19:48:02 -0600

http://vpncreative.net/2014/09/12/48-ecommerce-financial-data-cyber-criminals/

But new research from Kaspersky Lab reveals that the biggest sources of
stolen financial data also include eCommerce retail merchants.

The results provided by the electronic security protection firm revealed
that 48 percent of e-tailers/online retail merchants and 41 percent of
financial services organizations have reported losing some form of
financial information within a period of 12 months to cybercriminal
activities.

According to the report, the issue is that application vulnerabilities,
targeted attacks and forms of cyberattacks are all contributing factors to
the loss faced by almost half of the companies in these sectors. After
major retailers fell victim to credit card breaches, with Home Depot and
Target being a few examples, the report states the obvious issue.

Only 53 percent of the eCommerce sector indicated they “make every effort
to keep anti-fraud measures up to date,” which is 10 percent lower than the
global average, and the lowest overall among any business sector. This was
despite the dependence of online retail businesses on processing, receiving
and storing sensitive financial information of their customers.

20 percent of respondents said that their company had lost intellectual
property, a two percent increase compared to last year’s research. The
percentage of those who said a data breach led to the loss of data on
corporate account payments also increased to 11 percent, a one percent
increase from last year. In seven percent of cases, third parties were able
to make use of the data required to access the accounts.

The cyber criminals who are perpetrating such fraud are capitalizing on the
wealth of financial information stolen from online retail and financial
services customers and sold on the grey market and in online cyber crime
shops.

The least-common measure taken by both eCommerce service providers and
financial services providers after a data breach was to provide discounted
or free premium Internet security software to their customers.

“Kaspersky Lab’s survey also surprisingly found that the e-commerce/online
retailer business segment is the least likely to deploy and update
specialised anti-fraud measures to protect financial transactions.”

The Bright Side

The report does note that organizations are developing a better
understanding of the root cause of data leakage – and how to protect
themselves against certain risks, instead of taking broader measures to
combat malware.

Because of the issues cited in the report, Kaspersky Lab states that
installing good anti-virus software is now mandatory when it comes to
protecting company networks and workstations. But equally important is the
use of security software for monitoring and patching vulnerabilities when
it matters the most – providing protection against targeted and DDoS
attacks, as well as protecting corporate BYOD-approved devices.

The report, however, rules out the effectiveness of security software if
organizations don’t have effective security policies.

“In order to prevent accidental leaks, companies need to boost the level of
data security awareness among employees. In particular, this means building
a stronger understanding of working with and handling corporate information
stored on mobile devices. Security policies setting out an employee’s
responsibilities and accountability when it comes to the disclosure of
confidential information is yet another action that can considerably boost
the level of corporate data security,” says the analysis.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
