Large retailers are likely to be subjected to an increased number of targeted attacks from organised cyber criminals. In order to ensure a firm is able to protect the data of its customers and the livelihood of its business, the company must start employing a proactive, as opposed to reactive, approach when it comes to enforcing better cyber security practices, says Fran Howarth, a senior analyst specialising in security at the Bloor Research Group.
Recently, it emerged that eBay had been hit by a cross-site scripting cyber attack, which redirects users to a spoof web site designed to steal their credentials. This is the second attack this year to hit the online retail giant after it suffered a massive security breach in February which resulted in 233 million people having their personal data stolen.
While the menacing nature of this attack will no doubt trigger much discussion, Howarth states that the real concern lies with who has been targeted: “The implications of a second attack on eBay will be very concerning to its customers, and ultimately it could have serious consequences on the organisation’s long-term future if it was to suffer from further attacks.
“The concern behind this is not so much the attack itself; it is how eBay has, or more so, hasn’t handled it. It took them 12 hours to respond after it was initially flagged by a customer, and given the attack they suffered earlier in the year, this could prove very damaging to the reputation and brand of the business.
“For the rest of the retail world looking in, they need to take note of what has happened, as attacks of this nature are likely to become more frequent. If proper precautions are not taken, they too could become targets for cyber criminals themselves.
“Largely, this represents a move away from the more opportunistic cyber attacks as we start to see more advanced targeted cyber attacks taking place that are more complex and harder to defend. Reacting to an attack is not enough – we need to see firms taking a more preventative approach when it comes to cyber security.
“Vendors are responding to this by bringing out new advanced automated detection and remediation options which can provide organisations with greater visibility over their networks and in-turn, provide them with the capabilities to make more informed decisions when it comes to cyber security. Adopting such an approach minimises the likelihood of pervasive incidents running amok and allows firms to contain and respond to any events earlier and quicker.
“For eBay, a lot of questions will be asked of the procedures it implements when it comes to cyber security. Hopefully this latest attack will also act as a catalyst for other firms to review their policies and ensure better cyber security. Countermeasures need to be developed and deployed that can help organisations defend against even the most advanced attacks.”
About Bloor Research
Bloor Research is one of Europe’s leading IT research, analysis and consultancy organisations, and in 2014 celebrates its 25th anniversary. We explain how to bring greater Agility to corporate IT systems through the effective governance, management and leverage of Information. We have built a reputation for ‘telling the right story’ with independent, intelligent, well-articulated communications content and publications on all aspects of the ICT industry. We believe the objective of telling the right story is to:
– Describe the technology in context to its business value and the other systems and processes it interacts with.
– Understand how new and innovative technologies fit in with existing ICT investments.
– Look at the whole market and explain all the solutions available and how they can be more effectively evaluated.
– Filter ‘noise’ and make it easier to find the additional information or news that supports both investment and implementation.
– Ensure all our content is available through the most appropriate channel.
Founded in 1989, we have spent 25 years distributing research and analysis to IT user and vendor organisations throughout the world via online subscriptions, tailored research services, events and consultancy projects. We are committed to turning our knowledge into business value for you.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.