Retail sector faces serious IT security issues
The retail sector needs to set out its stall and ring the changes in its security vulnerabilities if it is to avoid the potential for hackers to gain unauthorised system access and disrupt service availability, according to NTA Monitor's 2008 Annual Security Report. The retail sector was the third worst out of the 10 sectors tested and saw the largest annual increase (25 per cent) in the average number of risks. Although five of the 10 industry sectors tested avoided high-risk vulnerabilities altogether, retail was the only sector to demonstrate an increase in high risks since the previous year, despite the fact that it is the sector with the highest level of interaction with the public. As a PCI Standards Council Approved Scanning Vendor, NTA Monitor knows only too well the serious situations that a company with significant security vulnerabilities can find itself in.
NTA Monitor's Annual Security Report analyses data from external Internet vulnerability tests conducted for worldwide organisations across a wide range of industry sectors, including charities, education, finance, government, IT, law and retail.
Roy Hills, Technical Director at NTA Monitor, says: "This lack of attention to security makes retailers vulnerable on many levels. High risk vulnerabilities are widely known and actively exploited by hackers, leaving many companies susceptible to attacks such as a buffer overflow on a server, malicious code being executed or gaining unauthorised entry to the corporate network. The industry relies on customer loyalty so if a customer has their personal details stolen or a publicised security incident occurs, they are sure to tell many more people than if they had received a good service, which could result in a loss of custom."
NTA Monitor can advise companies on the specific issues that need addressing, but also has generic advice on how organisations can get their house in order:
- Apply patches and updates as soon as they become available to address the latest vulnerabilities
- Ensure that preventative action is an ongoing process
- Educate all staff and make it a commitment for them to be aware of Internet security issues
- Update the security policy regularly and ensure that it is publicised and communicated.
A copy of the NTA Monitor Annual Security Report 2008 is available on request from NTA Monitor; email marketing@nta-monitor.com.
This article was first released on: 23rd June 2008