Because consumer payment data can be sold on the black market for substantial profit, it’s one of the most valued prizes for cybercriminals. It’s no surprise then that retailers are attacked nearly three times more often than financial sector companies. Unfortunately, hackers have sophisticated tools and techniques for breaching retail perimeters.
Protecting customer data against cyber theft is one of the most critical tasks retailers and online businesses can undertake. Any security incident that lessens customer trust will have long-term implications for the lifetime value of those accounts.
As a result, retailers can’t take a wait-and-see approach to security. They must be proactive in protecting their perimeter from hackers. Only retailers able to reduce the impact that inevitable breaches can have on customers are able to protect their brand reputations over the long run.
So what are the critical steps retailers must take to protect themselves?
Advanced Encryption Techniques
To fully mitigate risk, retailers must assume hackers are already in their system and architect a security strategy accordingly. In this mindset, it’s clear that encryption is critical – even if hackers manage to access customer data, it is meaningless and can’t be resold.
From an implementation perspective, IIS Technology takes a next-gen approach to encryption. In the traditional approach, data is altered during the encryption process. This typically requires changes to database schemas and infrastructures to handle the information’s new format. Worse, it means companies must continuously manage certificates and symmetric keys every time they want to use the data. Instead, we recommend an end-to-end encryption solution like SecureData from Hewlett Packard Enterprise (HPE), which allows the access policy to travel with the data itself. This eliminates the need for decryption keys and minimizes complexity in the security solution stack. With end-to-end encryption, retailers can reduce costs and the number of employees tasked with ongoing security management. More importantly, it gives retailers a non-disruptive, flexible way to manage changes in PCI regulations with less infrastructure impact.
Leverage Encryption Economics
From a financial perspective, strong encryption of data at rest and in motion is one of the most cost-effective deterrents to cybercrime. Unlike providers that focus solely on perimeter defense, we recommend HPE’s strong encryption to add another level of protection while reducing TCO for security solutions. In fact, the Ponemon Institute found that extensively deployed encryption technologies achieved a 21% return on investment – the second highest when compared with other security solutions.
Of course, encryption is just one piece of a holistic security approach. For companies doing business online, implementing tokenization is equally essential, as it minimizes the cost and risk of PCI compliance. This translates to less payment information stored and a reduced need to justify to a Qualified Security Assessor (QSA) during an audit.
The takeaway is that a complete program should span endpoints, perimeter networks, the extended infrastructure, applications and ultimately data – the goal of 99% of breaches today. As a Hewlett Packard Enterprise Platinum Partner, we have the people, skills and tools needed to transform security systems and keep private customer data from being compromised by even the most persistent attacker.
Contact IIS Technology for a complimentary security assessment to learn how we can simplify end-to-end encryption to fully protect your retail enterprise.