S'pore retailers 'slow to adapt to cyber threats'
Yasmine Yahya, The Straits Times/ANN
February 2, 2014, 12:46 am TWN
SINGAPORE--A spate of high-profile cybercrimes has targeted major retailers in the U.S. Despite this, many shops worldwide have been slow to adopt more sophisticated cyber security systems, experts say. The problem: Most retailers — and consumers — believe that cybercrime affects only online players.
"The reality is that these businesses are equally susceptible to threats," noted Sharat Sinha, Asia Pacific vice-president of Palo Alto Networks.
"Transactions made in-store still go through a network, and cybercriminals looking to steal critical customer data can still tap into their networks to do so."
This was how cybercriminals from Eastern Europe stole the data of 40 million Target customers in the U.S. late last year, getting away with encrypted PIN data, names, credit and debit card numbers and card expiration dates.
The theft took place in Target stores, not online, as the thieves had hacked into the computer network linked to the machines that customers use to swipe their cards when making purchases.
A similar attack targeted Neiman Marcus.
"What we have noticed is that retailers don't pay attention to this point-of-sale device — the thing that swipes cards. It is linked up to a local network in the store, which is connected to a network in the head office, which is connected to the Internet," explained Bryce Boland, Asia-Pacific chief technology officer of cyber security firm FireEye.
"So, the same kind of threats that could attack a normal personal computer could attack that machine in the store."
Retailers with e-commerce platforms are doubly vulnerable.
In its research over the past year, FireEye found that the Asia-Pacific region is twice as likely to be targeted by advanced cyber attacks than the global Internet community as a whole. Singapore was the 10th most targeted country in Asia last year.
Hackers have become ever more sophisticated, but many organizations are still relying on security strategies developed several years ago using traditional controls such as anti-virus software and firewalls, Boland said.
The good news is that the recent spate of cybercrimes have got the attention of local retailers, said FireEye's Southeast Asia regional director Stephanie Boo. But the awareness is not being translated into action just yet. "There is still a reliance on the Government to ensure the country is safe from such attacks," she said.