3 Cybersecurity Predictions for the Retail Industry in 2014
The news headlines of 2013 have perpetuated the idea that the retail industry, just like any other industry, isn't immune to cyber attacks. Just within the past several weeks we've seen the largest retail data breach to date when Target saw 110 million transactions compromised, and the expectation is that this won't be the last time — for Target or any other retailer. As a result, we'll see some significant changes this year, both in how retailers protect their sensitive data and in consumer buying behavior.
Consumers Will Be More Careful
The faith of the consumer will undoubtedly be tested in 2014. Many may think twice before swiping their credit cards at a local retail chain, and some will be more cautious about adopting the latest technologies — e.g., mobile payment systems.
We'll also see a reversal with regard to information sharing. 2013 was the year of oversharing. We've seen oversharing on social media, with personal details like email addresses, traceable cellphone numbers or home addresses provided. In light of recent data breaches like the one at Snapchat, consumers will become more reluctant to share personal information online. We'll see a shift in focus toward sharing only need-to-know information.
Consumers will also pay closer attention to monitoring their personal finances. We've gotten to a point in which the industry has acknowledged that breaches will happen; we cannot prevent all of them. In response, consumers will keep a closer eye on credit card statements and personal banking information, even when they know they haven't shopped at a store that publicly announces it suffered a data breach. This shift in attitude will continue, and retailers will be expected to address it accordingly.
Retailers Will Face an Increasing Number of Sophisticated Attacks
The types of threats retailers will face in 2014 will continue to include credit card data theft, denial-of-service (DoS) attacks and point-of-sale (POS) system breaches. For example, many cash registers will continue to run variants of Windows and be vulnerable to the same exploits as desktops and servers running related operating systems. Online retailers will also continue to come under DoS attacks that attempt to knock their sites offline.
Behavioral data like that which is tied to customer loyalty programs will become as prominent as payment data in security discussions in 2014. Payment card companies don't know what or where consumers buy because they simply process payments. However, retailers store large amounts of loyalty card data that identifies what consumers buy, how often and where. Although this may not consist of personally identifiable information, it's still data that should be protected because consumers have a right to privacy.
Moreover, if these types of databases are compromised, retailers aren't always legally obligated to disclose such information to the public, so many customers may not even know that they're compromised. In 2014, we'll see this become more topical in retail security conversations, and more retailers will look to new investments to secure this type of data as well as payment data.
The key point retailers need to understand is that their biggest vulnerabilities can be found where their data, whether payment or customer behavior data, resides. Is it stored in server banks? Is it moving across wireless networks? Ultimately, retailers need to ask themselves the following: Where is my most vulnerable data? And what am I doing to protect it?
Retailers Will Invest in Technologies That Uncover Breaches Faster
One key commonality among several recent high-profile breaches is the time lapse between the occurrence of the breach and the discovery of the breach. In the case of Target, it took more than three weeks for the company to identify and disclose the breach.
In today's world, threats are evolving faster than ever before. Access logs, virus signatures and intrusion detection alerts are simply no longer sufficient to properly secure sensitive data. Retailers are beginning to revise their network infrastructure policies and procedures to help close that security gap, and a large part of this involves investing in tools and technologies that monitor networks in real time.
Also, simply ticking the payment card industry compliance box isn't enough. Data requires a multifaceted and broad defensive posture that keeps the many avenues of entry and exit in mind. Retailers will consider building behavioral-based defenses that alert on anomalous activity on networks, servers and databases.
Ultimately, data will drive the security decisions of retailers this year. Whether investing in new tools, developing new security policies and procedures, or addressing specific customer concerns, retailers will begin to shape their proactive cyber defense posture around their data assets in order to create the strongest wall of defense.
Dr. Vincent Berk is the CEO and co-founder of network security software provider FlowTraq.