The home improvement chain also said the malware responsible for the breach has been removed from all stores.
With targeted attacks on the rise, e-retailers need to get their security priorities in order.
The data breach that hit Target Corp. cost up to 110 million consumers their personal data and payment information and the retailer $236 million. And just six months before the breach, Target spent $1.6 million on a FireEye Inc. advanced malware-detection software. While the software alerted Target to the breach, Target failed to react fast enough to mitigate the damage.
This is an example of a company seeking a silver bullet, one quick fix that will cover all security needs, says Forrester Research Inc. analyst Rick Holland. And silver bullets don’t exist, he says.
Instead, e-retailers need to come up with a complete strategy for combatting cyberattacks. “A lot of times retailers are looking for a company they can hire to solve their problems,” Holland says. “If you don’t have a solid foundation, you’re going to set yourself up for failure.”
Holland says retailers should take an inventory of their existing security technologies before investing in new tools. That includes examining what current technologies protect against, and what threats a retailer faces. For example, distributed-denial-of-service, or DDoS, attacks are on the rise and are a threat to any company with an online presence. A DDoS attack occurs when malefactors attempt to knock a site offline by sending an overwhelming volume of traffic to it. It’s distributed because the attack traffic comes from many computers, often thousands, which criminals control through software they surreptitiously load onto consumers’ PCs.
The costs of vendor-supplied software, hiring qualified employees and keeping up with security vary depending on the size of the retailer, Holland says. The most important thing retailers should do is weigh costs against benefits. For example, in the case of a DDoS attack, it’s easy for e-retailers to figure out how much an hour of web site downtime could cost them in sales. The technology used to combat those attacks should cost less than what the attack could cost it in sales, Holland says. At the same time, however, it is important for retailers to understand that a breach can cost more than lost sales; it also can damage an e-retailer’s reputation.
Read more about data security in the September cover story of Internet Retailer magazine. Click here to sign up for a free print or digital subscription to Internet Retailer magazine.