Reducing Retail Data Breaches

Machine learning is no longer an innovative, helpful solution, but rather a necessity in detecting and diagnosing retail data breaches.

By Nir Polak

As we’ve seen with the likes of Target, Home Depot, Chipotle and most recently, Kmart, hackers have made their mark on the retail and e-commerce industry. With a wealth of customer data extremely attractive to hackers, both major chains and local retailers need to be prepared for a breach at all times. Taken a step further, retailers and e-commerce brands must begin thinking and acting as if they have already been breached in order to avoid major fallout as best as possible.

With so much sensitive data at risk, when a breach does occur, companies and IT professionals need to be able to act quickly and determine the full extent of the threat as accurately as possible. Stolen credentials are the attack vector of choice because they give hackers fast, unfettered network access and lengthen the time between the initial point of entry and the moment security professionals ultimately detect the nefarious activity. The situation is especially bad for retailers with physical and online operations, as they must secure back office systems, e-commerce transaction systems, and thousands of in-store point-of-sale systems.

Even worse, while the back office, online, and retail networks are supposed to be walled off from each other, it is often possible for a hacker to penetrate one as a means of hopping to the other. Longtime security professionals will recall that the famous TJX credit card breach began when hackers entered an in-store network via an unsecured Wi-Fi point, and then later moved throughout other networks. Tracking activity across devices, networks, and user identities can be extremely difficult, rendering detection effectively impossible.

With user and entity behavior analytics (UEBA) and machine learning, tools become “smarter” over time, and will be able to differentiate normal activity and users from outsider threats, or uncommon behaviors. Today’s technology and the growing amounts of storable data require intelligent processing, especially when thinking about the IT skills gap. Machine learning can handle more data at higher speeds with less opportunity for human error, making it the necessary choice for retailers.

Beyond detection, UEBA solutions are able to piece together the use of compromised accounts by attackers, security alerts and asset access characteristics and behaviors. By creating an incident timeline, companies can see the full picture of a breach, which allows them to drastically shorten the time between breach detection and analysis. In the retail industry, this combination of speed and accuracy is a necessity because it can halt the attacker from stealing additional customer data, potentially mitigating some of the repercussions, including customer abandonment.
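To make the baseline-and-timeline idea concrete, here is an added sketch (not code from the article or from any UEBA product). It learns which network zones each account normally touches, flags first-time access to another zone, and stitches the related events into one timeline across accounts and hosts. All event data, account names, host names, and zone labels are constructed, and the first-seen rule is a simple stand-in for a learned behavior model.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events (not real logs): (time, account, source, destination, zone)
BASELINE = [
    ("2017-06-01T09:00", "jsmith", "store12-wifi", "store12-pos03", "store"),
    ("2017-06-01T10:00", "svc_batch", "bo-app01", "bo-db01", "backoffice"),
]
OBSERVED = [
    ("2017-06-10T02:10", "jsmith", "store12-wifi", "store12-pos03", "store"),
    ("2017-06-10T02:14", "jsmith", "store12-pos03", "bo-app01", "backoffice"),
    ("2017-06-10T02:20", "svc_batch", "bo-app01", "ecom-db02", "ecommerce"),
    ("2017-06-10T09:00", "svc_batch", "bo-app01", "bo-db01", "backoffice"),
    ("2017-06-10T09:30", "mlee", "hq-lt77", "bo-app02", "backoffice"),
]

def _ts(event):
    return datetime.fromisoformat(event[0])

def build_baseline(events):
    """Map each account to the set of network zones it normally touches."""
    zones = defaultdict(set)
    for _, account, _, _, zone in events:
        zones[account].add(zone)
    return dict(zones)

def first_seen_zone_alerts(events, baseline):
    """Flag events where a known account reaches a zone outside its baseline.
    Accounts with no history are skipped: there is nothing to deviate from."""
    return [e for e in events if e[1] in baseline and e[4] not in baseline[e[1]]]

def incident_timeline(events, alerts, lookback=timedelta(hours=1)):
    """Stitch one timeline from the earliest alert: an event joins if it uses an
    account already in the chain or starts from a host the chain has reached."""
    if not alerts:
        return []
    first = min(alerts, key=_ts)
    accounts, hosts, timeline = {first[1]}, set(), []
    for e in sorted(events, key=_ts):
        if _ts(e) < _ts(first) - lookback:
            continue  # outside the window before the first anomaly
        if e[1] in accounts or e[2] in hosts:
            timeline.append(e)
            accounts.add(e[1])
            hosts.add(e[3])
    return timeline

if __name__ == "__main__":
    alerts = first_seen_zone_alerts(OBSERVED, build_baseline(BASELINE))
    print(*incident_timeline(OBSERVED, alerts), sep="\n")
```

In this constructed data the timeline links the in-store login, the hop into the back office, and the switch to a service account reaching the e-commerce database, while the unrelated `mlee` session stays out.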

The reality is breaches happen, but there are steps that can be taken to help prevent them. Utilizing machine learning and other forms of intelligent processing can help companies monitor their network for abnormal access activities and patterns to detect breaches faster than phishing.

According to a study from KPMG, 19 percent of shoppers say they would stop shopping at a retailer that falls victim to cyber hackers, even if the company takes steps to fix the situation. With both money and customer retention on the line, retailers need to be proactive and utilize all intelligent systems available to best protect their business from cyber attacks – before it’s too late.

Nir Polak is co-founder and CEO of Exabeam. He has 13 years of experience in information security, including executive experience setting company strategy, driving execution, building new products, and bringing them to market.

Retail Merchandiser Magazine