Because encryption is the best and easiest way to create smaller segments of what hackers can steal, Smith said, “The number one step for security with online merchants is encryption of everything from data at rest in the database to data in transit.”
Jamil Farshchi, Home Depot's CISO, said, “We’ve seen it happen because adversaries always look for the weakest link that will generate the most reward at the least risk.”
Many retailers are still in the process of adopting EMV chip and signature, despite the October mandate for implementation. As was the case in Europe and Canada, merchants anticipate a decline in card-present theft with a significant increase in card-not-present (CNP) fraud.
“Their sensitive data on or via the websites are going to be at much greater risk,” Farshchi said.
Understanding where sensitive data lies allows enterprises to understand what protection tools they need to secure all of their applications. “Doing statistical analysis to actually do code reviews and driving a strong remediation process and communicating with development teams,” are key steps in strengthening online security, Farshchi said.
Depending on the applications running in the environment, having the ability to go through and do any remediation and testing can be difficult to impossible. There are, however, a variety of things security professionals can do to protect their data.
What’s most important, said Farshchi, “is to provide development teams with the tools that don’t over-encumber them in a way that prevents them from being able to release on time.”
Farshchi also recommended, “Leverage data sets to be able to monitor, use fraud prevention tools, and build out a seamless process for how applications are developed from the beginning to make sure they address security up front before it’s released.”
Unless a business looks at security holistically, it will end up with gaps, said Rice, and criminals will always find the gaps.