‘Simple failures of policy’ contributing to rise in cybercrime

UK retailers have said that fraud increased by 12 per cent year-on-year in 2013-14 and accounted for 37% of the total cost of crime during the period.

The level of cyber attacks suffered by the vast majority of retail businesses either increased or remained unchanged in 2013-14, with most companies surveyed for the British Retail Consortium (BRC) Retail Crime Survey 2014 saying that cyber-attacks remained a critical threat to their businesses.

According to the annual survey, theft of data and hacking were considered to pose the most critical cyber-related threats to retailers – but security companies have suggested that the industry is not doing enough to counter the threat of hackers and new digitally-aware criminals.

James Lyne, global head of research at Sophos, provided Essential Retail with a demonstration last week highlighting how simple it can be for hackers to steal customer information at the point of sale (PoS) in-store and online. He even suggested there are still retailers running their PoS on Windows XP, which is no longer maintained by Microsoft, the software company behind the program.

Alarmingly for the retail industry, criminals can purchase some of the equipment required to commit fraud at a variety of retail websites.

“Cyber criminal will go after low-hanging fruit,” he remarked, before explaining that many businesses operating in the retail sector still rely on what he perceives as bare-bone protection such as firewalls and anti-virus solutions.

Sophos released research last year which indicated that 87% of UK retailers are confident they have adequate security systems in place, although it found that 72% of them have not implemented fundamental technology to keep business and consumer data safe.

“For an industry responsible for holding and safeguarding so much sensitive customer data, it’s worrying to see the level of overconfidence and lack of awareness surrounding cybersecurity,” Lyne added.

“What amazes me is how often the breaches are the result of incredibly simple failures of policy, training or technology and not the result of cyber criminals being particularly clever.”

The BRC survey, which was published last Tuesday, showed that retailers reported 135,814 incidents of fraud in 2013-14, which was up 12% on the previous 12-month period. Fraud accounted for 17% of the total number of incidents and 37% of the total cost of crime during the year, costing the industry £223 million in total.

Over the past 12 months, credit and debit card fraud accounted for 81% of fraud by volume. Respondents estimated that 59% of fraud was perpetrated by organised groups, which was up 9% year on year.

Contrary to Sophos’s commentary, the BRC argued that retailers are making a commitment to tackling fraud. Its survey found that three-quarters of respondents now employ a third party to protect against online-enabled fraud, up from 50% one year before.

Cyber crime – which is defined by the BRC for its research as activity that utilises the internet to target data or other digital material in which the primary motive of the attack is to disrupt systems or services – is a different matter altogether. Although acknowledging that there is a range of government activity designed to prevent and tackle cyber crime, the BRC says it is currently “piecemeal in nature”.

The trade association said that making the UK more resilient to cyber attacks is crucial to ensuring the nation remains a world leader in eCommerce, but it has called on the National Crime Agency to share more intelligence about emerging cyber threats to the sector and the action that can be taken to prevent it.

The BRC’s crime survey said that the total direct cost of crime to the UK retail sector was £603 million in 2013-14, a jump of 18% on the year before. The survey sample covered 50% of the retail sector by turnover, with respondents ranging from large multiples to smaller retailers, including pure online retailers.

Helen Dickinson, BRC director general, commented: “Retailers have adapted to and embraced eCommerce to remain competitive.

“Unfortunately it has brought with it new threats, as criminal activity has responded to this shift. Businesses are increasingly the victims of crime committed online, such as cyber-enabled fraud.”

Reflecting on the moves being made to reverse the trend of rising retail crime, Dickinson added: “Although there remains at times a lack of confidence amongst retailers about the service they receive from police and the criminal justice system, businesses are keen to work with partners to reduce retail crime.

“Whether it is shop theft or online fraud, tackling crimes affecting retailers benefits everyone. Closer partnership work between the police and businesses achieves more effective, efficient results, the burden on local employers and their workforce is reduced, and our whole community becomes safer.”

Sourse: essentialretail.com