UPDATED 09:15 EST / JANUARY 07 2015

IBM: Attacks on retailers declined in 2014. Now the bad news…

Top industries attacked, 2014

The number of cyber attacks against retailers has dropped dramatically over the last few years, according to new data from IBM, but that’s no reason for security pros to celebrate. Hackers have merely changed their tactics, shifting the emphasis from quantity to quality, and their success has been disturbing.

IBM said 61 million records were stolen from retailers over the last 12 months. That’s down from 73 million a year earlier, but hauls are getting bigger. Excluding the handful of incidents that involved over 10 million records, notably the attacks against Target Corp. and Home Depot Inc., hackers got away with 43 percent more retail data in 2014 than they did the previous year.

Taken together with the fact that the average number of daily attacks recorded by IBM’s security outfit dropped more than one-quarter from 4,200 in 2013 to 3,043 last year, it’s clear that the typical breach has become more destructive.

The period that witnessed the biggest decline is the two-day shopping spree between Black Friday and Cyber Monday, which have consistently ranked as the biggest days for e-commerce. The number of breaches in that time frame plummeted 50 percent in 2014, which actually may indicate that a major breach was successful. News of attacks typically doesn’t hit the headlines until months later.

The well-publicized string of incidents that hit the headlines last year has pushed many retailers into shoring up their defenses, but cyber criminals are also getting more sophisticated. IBM found that the memory-scraping software used in the Home Depot and Target breaches has been supplanted by arbitrary command injection and SQL injection as the most popular means of attack, with the latter two techniques having accounted for the “vast majority” of hacks that the company recorded.

Big Blue placed blame for the deteriorating situation on the complexity of database deployments and the carelessness of security services professionals. Ironically, security pros who were surveyed in a separate study by ThreatTrack Security Inc. published in November said they’re more confident in their abilities than ever.

The survey indicates that retailers will not only have to improve their network protection but also the human dimension of security in order to adequately defend against the threats of the coming year. However, the recent revelations about the historic breach of JPMorgan Chase & Co. suggest that this is easier said than done for large organizations with sprawling infrastructure footprints often extending beyond the reach of the IT department.

