Retailers remain a top target for cybercriminals

Although recent media attention has focused on the rising threat of state-backed cyber espionage, financially motivated criminals still account for the majority of threats to business data security. Verizon's recent "2013 Data Breach Investigations Report" found that retailers are especially vulnerable to cyberattacks launched by hackers looking to access sensitive information that can be leveraged for financial gain.

Financial cybercrime outpaces espionage
According to the study of 621 data breaches and more than 47,000 security incidents that occurred last year, financially motivated cybercrime was responsible for 75 percent of those reported events. In comparison, cyberspying attacks accounted for 20 percent of breaches. Although critical institutions such as energy companies and government agencies should still be concerned about cyber espionage, the numbers show that sectors offering a greater financial payoff are at greater risk of experiencing a breach. Cybercriminals targeted a wide range of victims in 2012, but the retail and restaurant industries accounted for 24 percent of all reported network breaches.

Cybercriminals employed a number of different attack methods when assaulting company network defenses, but hacking remains their most popular strategy. Fifty-two percent of data breaches involved the use of hacking.

One finding that could give data security professionals cause for concern was the amount of time needed to identify infections.

"[T]he compromise-to-discovery timeline continues to be measured in months and even years, as opposed to hours and days," the report's press release stated.

PCI compliance presents a good data security starting point
According to Computerworld Hong Kong, Verizon representative Paul Black suggested that retailers should pursue Payment Card Industry (PCI) Security Standards Council compliance as a first step toward crafting best practices and implementing data security solutions. Black cautioned, however, that enterprises should keep their compliance statuses up to date, as technological and cybersecurity advancements necessitate continual upgrades.

A key component of PCI security standards is the implementation of data encryption software by retailers. The council suggests that enterprises employ the technology to protect sensitive customer and company information in the event that a cyberattack breaches network defenses.

"If an intruder circumvents other security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person," the council's "PCI DSS Requirements and Security Assessment Procedures" read.

The organization also stressed the need for encryption when transmitting sensitive data, such as customers' payment information, over a network connection.

"Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals," the council recommended. "Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols continue to be targets of malicious individuals who exploit these vulnerabilities to gain privileged access to cardholder data environments."
