When talking about stolen financial information through the web, discussions often focus on banks, insurance companies, and other financial institutions.
But new research from Kaspersky Lab reveals that the biggest sources of stolen financial data also includes eCommerce retail merchants.
The results provided by the electronic security protection firm revealed that 48 percent of e-tailers/online retail merchants and 41 percent of financial services organizations have reported losing some form of financial information within a period of 12-months to cybercriminal activities.
According to the report, the issue is that application vulnerabilities, targeted attacks and forms of cyberattacks are all contributing factors to the loss faced by almost half of the companies in these sectors. After major retailers being a victim of credit card breaches, with Home Depotand Target being a few examples, the report states the obvious issue.
Only 53 percent of the eCommerce sector indicated they “make every effort to keep anti-fraud measures up to date,” which is 10 percent lower than the global average, and the lowest overall among any business sector. This was despite the dependency of online retail businesses to process, receive and store sensitive financial information of their customers.
20 percent of respondents said that their company had lost intellectual property, a two percent increase compared to last year’s research. The percentage of those who said a data breach led to the loss of data on corporate account payments also increased to 11 percent, a one percent increase from last year. In seven percent of cases, third parties were able to make use of the data required to access the accounts.
The cyber criminals who are perpetrating such fraud are capitalizing on the wealth of financial information stolen from online retail and financial services customers and being sold in the grey market and the cyber crime shops online.
The least-common measure taken by both eCommerce service providers and financial services providers after a data breach was to provide discounted or free premium Internet security software to their customers.
“Kaspersky Lab’s survey also surprisingly found that the e-commerce/online retailer business segment is the least likely to deploy and update specialised anti-fraud measures to protect financial transactions.”
The Bright Side
The report does note that organizations are developing a better understanding of the root cause of data leakage – and how to protect themselves against certain risks, instead of taking broader measures to combat malware.
Because of the issues cited in the report, Kaspersky Lab states that installing a good anti-virus software is now mandatory when it comes to protecting company networks and workstations. But equally important is the use of security software for monitoring and patching vulnerabilities when it matters the most – providing protection against targeted and DDoS attacks, as well as protecting corporate BYOD-approved devices.
The report, however, rules out the effectiveness of security software if organizations don’t have effective security policies
“In order to prevent accidental leaks, companies need to boost the level of data security awareness among employees. In particular, this means building a stronger understanding of working with and handling corporate information stored on mobile devices. Security policies setting out an employee’s responsibilities and accountability when it comes to the disclosure of confidential information is yet another action that can considerably boost the level of corporate data security,” says the analysis.