For the final retail cyber security blog post I will write an analysis of my blogs so far, what I've learned and where I gathered my sources.
First off, I chose this topic because it is relevant to my current field. I work in an organization that processes debit and credit card transactions for banks and merchants. In my area we deal with merchants of all sizes - large corporations and mom & pop facilities. I monitor applications for POS devices and online applications. Also, this industry is prone to attacks and hackers bent on securing Pii information from consumers and stealing data from companies. It is rare to go more than a couple months without hearing about a major data breach in the retail sector.
A majority of my sources were from news articles and the NIST special publications. You can gather a lot of information from the NIST and the media (while biased) does a great job highlighting the failure of companies to secure our data. Each week I learned more about the vulnerabilities and risks of the industry, the tools the hackers used to exploit those vulnerabilities, and the ways in which it can be prevented in the future. I hope this blog was beneficial for the perspective I could provide.
- Angie
Saturday, May 30, 2015
Tuesday, May 19, 2015
2015 Cyber Security Trends
Good Afternoon!
Today's blog post is going to feature what CIO online has predicted as the top trends for cyber security in 2015. As noted by the site, 2014 was the year of the "data breach" with large retailers and banks succumbing to attacks. This will still remain a large prevalent threat for the future, but already other trends are starting to emerge. Below I have listed the trends and something's to anticipate.
1. Cybercrime - those looking to exploit companies vulnerabilities for monetary gain or notoriety, and CIO has identified an increase in cyber criminal activity from former soviet states.
2. Privacy and Protection - Governments are increasingly imposing policy and regulation on corporations for the restriction of personal data. The emphasis on policy and hefty fines for failure to secure consumer data and the prevention of large scale data breaches will only continue.
3. Threats from 3rd party providers - Large companies often need
to share sensitive data with 3rd party organizations and vendors. Hackers are exploiting vulnerabilities in these companies to access the data of a larger corporation.
4. BYOD trends - the bring your own device trend in the workplace is now common. Personal Hard drives, lap tops, and smart phones are replacing company issued devices. While this has some economical impact, the abundance of "openings" it creates for a breach are significant. Using appropriate intranet and firewalls can prevent unauthorized access with BYOD.
5. Engagement with People - the people in a workplace are its strongest asset, and employees need to be more engaged in infosec measures. A disgruntled employee can spell disaster from an infosec perspective.
Read more about the 2015 trends here:
http://www.cio.com/article/2857673/security0/5-information-security-trends-that-will-dominate-2015.html
- Angie
Today's blog post is going to feature what CIO online has predicted as the top trends for cyber security in 2015. As noted by the site, 2014 was the year of the "data breach" with large retailers and banks succumbing to attacks. This will still remain a large prevalent threat for the future, but already other trends are starting to emerge. Below I have listed the trends and something's to anticipate.
1. Cybercrime - those looking to exploit companies vulnerabilities for monetary gain or notoriety, and CIO has identified an increase in cyber criminal activity from former soviet states.
2. Privacy and Protection - Governments are increasingly imposing policy and regulation on corporations for the restriction of personal data. The emphasis on policy and hefty fines for failure to secure consumer data and the prevention of large scale data breaches will only continue.
3. Threats from 3rd party providers - Large companies often need
to share sensitive data with 3rd party organizations and vendors. Hackers are exploiting vulnerabilities in these companies to access the data of a larger corporation.
4. BYOD trends - the bring your own device trend in the workplace is now common. Personal Hard drives, lap tops, and smart phones are replacing company issued devices. While this has some economical impact, the abundance of "openings" it creates for a breach are significant. Using appropriate intranet and firewalls can prevent unauthorized access with BYOD.
5. Engagement with People - the people in a workplace are its strongest asset, and employees need to be more engaged in infosec measures. A disgruntled employee can spell disaster from an infosec perspective.
Read more about the 2015 trends here:
http://www.cio.com/article/2857673/security0/5-information-security-trends-that-will-dominate-2015.html
- Angie
Tuesday, May 12, 2015
Preventing an Attack: lessons from Home Depot and Target
In today's technological world there is an increase in malicious activity. Given this, large retailers need to constantly revise their security protocol and procedures. It is simply not enough to install basic security components and prepare for the worst. Companies need to assume they are under attack as they possesses the data hackers find attractive - credit card number and personally identifiable information. It has been discussed in the media that some of the large hacks as of late (namely Home Depot and target) were victims of opportunity... The attackers exploited known vulnerabilities in the networks and POS devices.
To prevent these attacks, retailers need to think of security first and foremost, it needs to be built into the system - not an after thought. Firewalls in the network and encrypting the data within the POS and as it traverses the system to the issuers or to the database would ensure security. The SANS institute recommends, for example, networks should be designed, so POS systems are not accessible, if a hacker breaks into another system on the network that is connected to the Internet. These vulnerabilities were exploited in Home Depot. For this reason, it is crucial that after the security is implemented - routine audits and vulnerability scans are completed to find and repair leaks.
Approaching security with the assumption you will be targeted will certainly make it apparent that security and the proper preparation steps are essential to maintaining business.
- Angie
To prevent these attacks, retailers need to think of security first and foremost, it needs to be built into the system - not an after thought. Firewalls in the network and encrypting the data within the POS and as it traverses the system to the issuers or to the database would ensure security. The SANS institute recommends, for example, networks should be designed, so POS systems are not accessible, if a hacker breaks into another system on the network that is connected to the Internet. These vulnerabilities were exploited in Home Depot. For this reason, it is crucial that after the security is implemented - routine audits and vulnerability scans are completed to find and repair leaks.
Approaching security with the assumption you will be targeted will certainly make it apparent that security and the proper preparation steps are essential to maintaining business.
- Angie
Tuesday, May 5, 2015
Risk Tolerance and the Retail Sector
Risk tolerance is defined as the amount of risk an organization is willing to accept, given the value they would like to establish and create in an organization. Each retail organization needs to understand the value they are creating, and how the risk associated with that value needs to be determined, controlled, and eventually mitigated should an attack occur.
Obviously, there is no such thing as a perfect system. Because of this, it is imperative to determine the risk appetite of the organization. Some would argue that the financial crisis of 2007-2008 occurred due to lack of risk assessment, and direction about who or what was responsible for that risk. Likewise, companies in a retail setting need to understand and determine the risk to protect their trade secrets and customer information.
The retail industry should be regulated like the banking industry due to the highly sensitive data they possess. They would need to develop a low risk appetite, meaning implementing controls and safeguarding information to a point of overreaching. If a new company were to establish itself without a risk plan, they could outsource their IT infrastructure and personnel to partially relieve themselves from the burden. This is referred to as risk transferrence and it would be a preferred method for smaller retail locations who would need to just focus on selling and producing goods for purchase. This strategy is also not perfect as the organization would need to fully research the IT company with which they are entrusting their data, and also that the risk would not be 100% transferred.
Analyzing risk appetite is an important aspect of overall risk management.
-Angie
Obviously, there is no such thing as a perfect system. Because of this, it is imperative to determine the risk appetite of the organization. Some would argue that the financial crisis of 2007-2008 occurred due to lack of risk assessment, and direction about who or what was responsible for that risk. Likewise, companies in a retail setting need to understand and determine the risk to protect their trade secrets and customer information.
The retail industry should be regulated like the banking industry due to the highly sensitive data they possess. They would need to develop a low risk appetite, meaning implementing controls and safeguarding information to a point of overreaching. If a new company were to establish itself without a risk plan, they could outsource their IT infrastructure and personnel to partially relieve themselves from the burden. This is referred to as risk transferrence and it would be a preferred method for smaller retail locations who would need to just focus on selling and producing goods for purchase. This strategy is also not perfect as the organization would need to fully research the IT company with which they are entrusting their data, and also that the risk would not be 100% transferred.
Analyzing risk appetite is an important aspect of overall risk management.
-Angie
Tuesday, April 28, 2015
Risk Analysis in the Retail World
This week the blog will be focusing on risk analysis and assessments.
The basic definitions of risk analysis and assessment are the identification of levels of risk in an organization, and the process that assigns them scores/ratings to enable an organization to implement anticipate, mitigate, and control for threats to their organization, respectively. Given the abundance of retail attacks in the last decade, it is safe to assume merchants worldwide would benefit from further risk management in their organizations.
Put simply, the retail sector would benefit tremendously from increasing their risk management. The first steps would be to categorize assets including hardware, software, and personnel. From there, you would give each asset a value - for example, the highest asset value could be POS software. For instance, if a DDoS attack were to occur on this type of asset, it could result in a compromise of valuable customer information, and loss of money/business for the duration of the outage. With this information you would also combine any threat identification known to your particular business, goods, or even geographical location. It would also be beneficial to identify the likelihood a threat would/could occur, and the frequency with which it happens.
There are obvious inherent risks and threats in any industry, however the retail sector has been hit the hardest as of late. The tide might be turning in favor of other industries - those for which cyber criminals gain access to health information, or hack companies for 'fun' or political motivation (see Anthem, or Sony for example). But the pervasive threat facing the consumer world is abundant. Mitigating these threats through proper risk assessment, analysis, and management is crucial to maintaining this industry.
- Angie
The basic definitions of risk analysis and assessment are the identification of levels of risk in an organization, and the process that assigns them scores/ratings to enable an organization to implement anticipate, mitigate, and control for threats to their organization, respectively. Given the abundance of retail attacks in the last decade, it is safe to assume merchants worldwide would benefit from further risk management in their organizations.
Put simply, the retail sector would benefit tremendously from increasing their risk management. The first steps would be to categorize assets including hardware, software, and personnel. From there, you would give each asset a value - for example, the highest asset value could be POS software. For instance, if a DDoS attack were to occur on this type of asset, it could result in a compromise of valuable customer information, and loss of money/business for the duration of the outage. With this information you would also combine any threat identification known to your particular business, goods, or even geographical location. It would also be beneficial to identify the likelihood a threat would/could occur, and the frequency with which it happens.
There are obvious inherent risks and threats in any industry, however the retail sector has been hit the hardest as of late. The tide might be turning in favor of other industries - those for which cyber criminals gain access to health information, or hack companies for 'fun' or political motivation (see Anthem, or Sony for example). But the pervasive threat facing the consumer world is abundant. Mitigating these threats through proper risk assessment, analysis, and management is crucial to maintaining this industry.
- Angie
Wednesday, April 22, 2015
Security Controls
Happy Wednesday, Blog Readers
Today the focus of the blog will be on security programs: what they are, and how they can aid in businesses and merchants from internal and external threats to the confidentiality, integrity, and availability of their sensitive and non-sensitive data.
We, as the consumers, should expect a level of data confidentiality when making purchases from say, a pharmacy. Our medical information should not be shared with anyone without our consent - likewise, if making a purchase in a clothing or retail store, you would also expect the same level of privacy for important data like credit card information, or when applicable social security card information. What information can and should be shared with an organizations employees?
There are different levels of security for data, depending on how it is classified. In the current days of "big data", our shopping and consuming habits are being categorized, monitored, and analyzed by companies for various reasons. Ever notice the ads on certain websites are tailored just for you? Your browsing habits are being turned into data and statistics, to increase the likelihood you will purchase a product or revisit a site. This type of data is not currently categorized as highly sensitive (although it is a big off putting, no?), so the data I'm referring to would be highly sensitive: credit card information, social security number, and the like. There are certain security controls an organization can implement to ensure this data is not easily viewed by someone without authorization and access.
For example, an organization can and should secure highly sensitive data from those without authorization, be it physical or logical. Access control refers to the identification of the person, authentication, authorization, and accountability. There should be schemes in each business to determine who can and cannot access highly sensitive data - some might find that certain employees will have "read-only" privileges to not alter or delete data, while other more sensitive information can only be viewed by a high ranking member, like a manager.
Implementing the proper security controls further ensures our data maintains safe and secure.
- Angie
Today the focus of the blog will be on security programs: what they are, and how they can aid in businesses and merchants from internal and external threats to the confidentiality, integrity, and availability of their sensitive and non-sensitive data.
We, as the consumers, should expect a level of data confidentiality when making purchases from say, a pharmacy. Our medical information should not be shared with anyone without our consent - likewise, if making a purchase in a clothing or retail store, you would also expect the same level of privacy for important data like credit card information, or when applicable social security card information. What information can and should be shared with an organizations employees?
There are different levels of security for data, depending on how it is classified. In the current days of "big data", our shopping and consuming habits are being categorized, monitored, and analyzed by companies for various reasons. Ever notice the ads on certain websites are tailored just for you? Your browsing habits are being turned into data and statistics, to increase the likelihood you will purchase a product or revisit a site. This type of data is not currently categorized as highly sensitive (although it is a big off putting, no?), so the data I'm referring to would be highly sensitive: credit card information, social security number, and the like. There are certain security controls an organization can implement to ensure this data is not easily viewed by someone without authorization and access.
For example, an organization can and should secure highly sensitive data from those without authorization, be it physical or logical. Access control refers to the identification of the person, authentication, authorization, and accountability. There should be schemes in each business to determine who can and cannot access highly sensitive data - some might find that certain employees will have "read-only" privileges to not alter or delete data, while other more sensitive information can only be viewed by a high ranking member, like a manager.
Implementing the proper security controls further ensures our data maintains safe and secure.
- Angie
Tuesday, April 14, 2015
Cyber Security Education and Training
This week's blog post will focus on cyber security, and information security training and education.
Given the abundance of cyber criminal activity, the retail sector is at a particularly vulnerable disadvantage as of late. While most organizations have security training in place for employees, the retail corporation's reluctance to implement security controls to mitigate and prevent attacks has been well documented. This lack of "action" is usually blamed on lack of funds, or an inability to budget wisely for InfoSec measures. Perhaps these companies need to take a closer look at the budget, and the information they are disseminating to employees and shoppers, or lack thereof.
InfoSec training is crucial to the overall security health of an organization. Teaching employees about proper safe guards can combat inappropriate or risky behavior that can leave an organization at risk for exposure. There are a few ways companies can engage their employees in InfoSec training: videos, posters, banners, and quarterly newsletters. It is important for each member of the organization to know they are responsible for IT security, and their actions will be held accountable.
Last year, Target corp announced they would be spending an additional $5 million dollars on a cyber security coalition to educate their employees and the public on the dangers of phishing, cyber crime, and consumer scans. Although this measure was touted as a PR move to "save face" with customers (given the 100 million data breach), the steps necessary to prevent a future cyber attack include proper training and education. Making the commitment to spend the additional funds in this manner shows Target takes cyber education and prevention of attacks very seriously.
Hopefully other retailers take note, and invest wisely.
- Angie
Given the abundance of cyber criminal activity, the retail sector is at a particularly vulnerable disadvantage as of late. While most organizations have security training in place for employees, the retail corporation's reluctance to implement security controls to mitigate and prevent attacks has been well documented. This lack of "action" is usually blamed on lack of funds, or an inability to budget wisely for InfoSec measures. Perhaps these companies need to take a closer look at the budget, and the information they are disseminating to employees and shoppers, or lack thereof.
InfoSec training is crucial to the overall security health of an organization. Teaching employees about proper safe guards can combat inappropriate or risky behavior that can leave an organization at risk for exposure. There are a few ways companies can engage their employees in InfoSec training: videos, posters, banners, and quarterly newsletters. It is important for each member of the organization to know they are responsible for IT security, and their actions will be held accountable.
Last year, Target corp announced they would be spending an additional $5 million dollars on a cyber security coalition to educate their employees and the public on the dangers of phishing, cyber crime, and consumer scans. Although this measure was touted as a PR move to "save face" with customers (given the 100 million data breach), the steps necessary to prevent a future cyber attack include proper training and education. Making the commitment to spend the additional funds in this manner shows Target takes cyber education and prevention of attacks very seriously.
Hopefully other retailers take note, and invest wisely.
- Angie
Friday, April 10, 2015
RILA CyberSecurity and Data Privacy Initiative
This week's blog post is similar to last weeks - with a focus on cyber security policies and procedures. The Retail Industry Leader's Association (RILA) has their own cyber security and data privacy initiative which seeks to educate and advise retailers in preventing attacks, enhance existing privacy and cyber security efforts, inform the public dialogue, and build & maintain consumer trust.
Some of the highlights in the initiative include extending the dialogue to the systems 'outside' the retail control - like banks and card issuers to improve payments security. In particular, RILA would like the industry to move towards Universal PIN security, chip-based smart cards (i.e. EMV Chip Cards), and elimination of the mag stripe. Updating these systems would ensure better secure transactions at retail locations. I also believe this conversation needs to extend to the companies providing POS software and hardware to retailers. Every angle has to be accounted for if you are actively preventing cyber attacks.
As RILA points out:
"Unlike attacks on non-consumer facing industries that seek proprietary corporate information, cyber attacks on retailers are aimed at sensitive consumer financial data that can be used for financial gain. The number of those potentially affected in a successful attack is staggeringly high. Such a breach can affect consumers’ faith in the system and can damage the relationship that all retailers seek to build with their customers."
- Angie
Some of the highlights in the initiative include extending the dialogue to the systems 'outside' the retail control - like banks and card issuers to improve payments security. In particular, RILA would like the industry to move towards Universal PIN security, chip-based smart cards (i.e. EMV Chip Cards), and elimination of the mag stripe. Updating these systems would ensure better secure transactions at retail locations. I also believe this conversation needs to extend to the companies providing POS software and hardware to retailers. Every angle has to be accounted for if you are actively preventing cyber attacks.
As RILA points out:
"Unlike attacks on non-consumer facing industries that seek proprietary corporate information, cyber attacks on retailers are aimed at sensitive consumer financial data that can be used for financial gain. The number of those potentially affected in a successful attack is staggeringly high. Such a breach can affect consumers’ faith in the system and can damage the relationship that all retailers seek to build with their customers."
- Angie
Tuesday, March 31, 2015
Sony: Business Continuity Lessons Learned
Afternoon Blog Readers,
Once an attack occurs, bringing a business back to proper functionality is CRUCIAL. Seconds, minutes, hours can pass where a company will lose money, valuable information, and put consumers at risk.
A couple months ago, the CEO of Sony released statements about the steps they took following the attack on their network in 2014. A proper business continuity strategy ensures critical business functions will continue following a disaster. According to Michael, top executives communicated through a calling tree where updates where relayed from 1 person to another. An attack of this magnitude was not expected, nor some experts argue, correctly planned for (via proper DR procedures).
The Wall Street Journal article highlights the lack of preparedness some companies face against hacks of this nature. While most would prepare for a natural disaster, a majority of companies would not have the BC plans to prepare for every computer in their organization to fall victim to an attack.
Alan Berman, CEO of Disaster Recovery Institute said it best:
"What we're learning from Sony is what we've supposedly learned from Target and [others]," Berman says. "We really do need better security. We need better sharing of knowledge, which doesn't take place."
Read more here:
http://www.bankinfosecurity.com/sony-hack-business-continuity-lessons-a-7743/op-1
- Angie
Once an attack occurs, bringing a business back to proper functionality is CRUCIAL. Seconds, minutes, hours can pass where a company will lose money, valuable information, and put consumers at risk.
A couple months ago, the CEO of Sony released statements about the steps they took following the attack on their network in 2014. A proper business continuity strategy ensures critical business functions will continue following a disaster. According to Michael, top executives communicated through a calling tree where updates where relayed from 1 person to another. An attack of this magnitude was not expected, nor some experts argue, correctly planned for (via proper DR procedures).
The Wall Street Journal article highlights the lack of preparedness some companies face against hacks of this nature. While most would prepare for a natural disaster, a majority of companies would not have the BC plans to prepare for every computer in their organization to fall victim to an attack.
Alan Berman, CEO of Disaster Recovery Institute said it best:
"What we're learning from Sony is what we've supposedly learned from Target and [others]," Berman says. "We really do need better security. We need better sharing of knowledge, which doesn't take place."
Read more here:
http://www.bankinfosecurity.com/sony-hack-business-continuity-lessons-a-7743/op-1
- Angie
Tuesday, March 24, 2015
Tips for the Online Retailers
Good Afternoon Blog Readers & Shoppers alike!
Last week I reviewed how some of these hackers are gaining access to confidential and personally identifiable information from retail locations. What happens to the credit card numbers of those affected? While most physical retail locations require some form of identification if there is a physical stolen card, the proliferation of online purchasing has made it increasingly difficult for merchants to ascertain stolen credit card information. According to FraudLabs website, there was approximately 2.6 billion dollars in merchant cost due to online fraud in 2004. Yes, you read that right, this statistic is in the billions - and the data is 10 years old. So what's an online retailer to do?
Here are some tips for an online merchants to reduce the chance of fraudulent purchases:
1. Geolocation by IP Address - this technology can locate the physical address of the computer used to purchase online goods. It can be used to examine the distance between the billing address and the computer. Legitimate customers will not be deterred by legitimate authentication measures, which will protect them from credit card fraud also and keep the costs of doing business on the Internet down, especially if the customer is properly informed and advised.
2. Check whether an anonymous email address, or proxy internet server was used - Anonymous proxy servers and email addresses allow Internet users to hide their actual IP address. The main purpose of using a proxy server is to remain anonymous or to avoid detection. While well known businesses use this to protect internal networks, fraudsters hide themselves behind anonymous proxy servers
3. Check if the mailbox used is a ship-forward address or PO Box - since the criminal would need place for the inventory to be sent, a physical address or PO box location is a must. A way to conceal the true identity of the purchaser is to use an anonymous physical address.
Last week I reviewed how some of these hackers are gaining access to confidential and personally identifiable information from retail locations. What happens to the credit card numbers of those affected? While most physical retail locations require some form of identification if there is a physical stolen card, the proliferation of online purchasing has made it increasingly difficult for merchants to ascertain stolen credit card information. According to FraudLabs website, there was approximately 2.6 billion dollars in merchant cost due to online fraud in 2004. Yes, you read that right, this statistic is in the billions - and the data is 10 years old. So what's an online retailer to do?
Here are some tips for an online merchants to reduce the chance of fraudulent purchases:
1. Geolocation by IP Address - this technology can locate the physical address of the computer used to purchase online goods. It can be used to examine the distance between the billing address and the computer. Legitimate customers will not be deterred by legitimate authentication measures, which will protect them from credit card fraud also and keep the costs of doing business on the Internet down, especially if the customer is properly informed and advised.
2. Check whether an anonymous email address, or proxy internet server was used - Anonymous proxy servers and email addresses allow Internet users to hide their actual IP address. The main purpose of using a proxy server is to remain anonymous or to avoid detection. While well known businesses use this to protect internal networks, fraudsters hide themselves behind anonymous proxy servers
3. Check if the mailbox used is a ship-forward address or PO Box - since the criminal would need place for the inventory to be sent, a physical address or PO box location is a must. A way to conceal the true identity of the purchaser is to use an anonymous physical address.
Of course, with all of these examples, the customer could be a legitimate customer who values privacy on the internet. So when in doubt - it is best for the online merchant to request more information from the purchaser. Calling or faxing the customer would aid in further authenticating their identification.
Check out the rest of the tips for online merchants here:
https://www.fraudlabs.com/fraudlabswhitepaperpg1.htm
- Angie
Tuesday, March 17, 2015
Big and Small: Every Company At Risk
Target, Home Depot, TJ Maxx - they make the headlines. Large companies whose networks have been compromised leaving millions of consumers vulnerable to credit card fraud. Are the cyber criminals picking out the large corporations, or are they also attacking small mom & pop shops? Similarly, are merchants required to divulge security breaches to the public?
While it is true that most states have laws requiring companies to contact customers if certain personal information is compromised - usually, however, the task falls on the credit issuers. It was revealed in 2014 that some lesser known retailers (small outlet shops) may have also been the victim of the same person or persons responsible for the Target attack. It was believed in the case with Target, the breach was the result of a malware program called a RAM scraper -- a memory parsing software, which enables criminals to obtain encrypted data traveling through live memory of a computer, where it appears as plain text.
It would appear some of these are well planned, comprehensive attacks. Conversely, some may be crimes of opportunity or convenience. Many retailers simply delay disclosing breach information as they feel it might hurt their business and public image.
Read more about the Target fall out from Reuters:
http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112
- Angie
While it is true that most states have laws requiring companies to contact customers if certain personal information is compromised - usually, however, the task falls on the credit issuers. It was revealed in 2014 that some lesser known retailers (small outlet shops) may have also been the victim of the same person or persons responsible for the Target attack. It was believed in the case with Target, the breach was the result of a malware program called a RAM scraper -- a memory parsing software, which enables criminals to obtain encrypted data traveling through live memory of a computer, where it appears as plain text.
It would appear some of these are well planned, comprehensive attacks. Conversely, some may be crimes of opportunity or convenience. Many retailers simply delay disclosing breach information as they feel it might hurt their business and public image.
Read more about the Target fall out from Reuters:
http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112
- Angie
Tuesday, March 10, 2015
The First Blog
Hi Blog Readers!
The purpose of this blog is to research and educate on the cyber security threats facing the retail industry. With the emergence of electronic payments online, and the ubiquity of credit and debit card transactions, the retail setting is a prime target for cyber criminals. This blog will hopefully shed light on the hacks from the past, and hopefully educate for the prevention of hacks in the future.
Happy Shopping! :)
Angie
The purpose of this blog is to research and educate on the cyber security threats facing the retail industry. With the emergence of electronic payments online, and the ubiquity of credit and debit card transactions, the retail setting is a prime target for cyber criminals. This blog will hopefully shed light on the hacks from the past, and hopefully educate for the prevention of hacks in the future.
Happy Shopping! :)
Angie
Subscribe to:
Posts (Atom)