In the wake of recent headline-grabbing breaches at retail chains, arguments quickly arose over what could be done to prevent them. Compliance, technology and regulations seem to be the main topics. However, could there be an overarching solution?
There's no denying the finger-pointing that has come about following these events. The blame game is mostly tied to the costs associated with breaches. Right now, fraud losses and other post-breach expenses are primarily covered by banks.
However, the retailer also bears costs: it has to supply its customers with credit monitoring, and its brand reputation is affected. According to a study conducted by Javelin Strategy & Research (commissioned by security firm Identity Finder), of the 5,634 surveyed respondents, 33 percent indicated that they would avoid further business with a retailer following a breach.
drop in profits at Target in 4Q 2013,
compared with the year before.
Nonetheless, the discussion surrounding who should foot the bill, while meaningful and hotly debated, doesn't solve the overarching problem.
Many have argued in favor of legislation that will put pressure on retailers to step up their security game. Randy Marchany, CSO at Virginia Tech University, says that while he would prefer that the government not get involved, the retail industry isn't doing enough to show that intervention is unnecessary.
“I wish it wasn't necessary for the feds to get involved but I don't see the industry acting in a manner to prevent that,” says Marchany. “I think the feds will enact legislation.”
But could such a complex issue involving technology be solved by legislation? Jeremiah Grossman, CEO at WhiteHat Security, doesn't believe so. He says that with any security problem, it's all about who's in the best position to effect change. In this case, he thinks it's all about the card brands and the payment card system, which has been in place since the '70s.
“They could effect change but they're incentivized against it because…it makes them a lot of money,” Grossman says. “The system is perpetually broken. We have to disrupt it and change the way we think about the problem and do business. Look how the bad guys transact now, they [do it] in Bitcoin. They already figured it out.”
Cyber criminals are still working to crack a dated system. The question is: Can all entities involved with this problem work together to ultimately produce a solution that will finally put security ahead of the game?