Wednesday Feb 05, 2014

Recent Breaches Prove Risks to Retail Industry Higher than Ever

Recent retail data breaches serve as a sobering reminder that the retail industry continues to be a key target of cybercriminals in 2014.

In fact, according to the recent Verizon Data Breach Investigations Report, nearly a quarter of all data breaches occurred in retail environments and restaurants.

What can retailers do to lower their risk?

Know Who Wants Your Data

The Verizon report demonstrates that there exists a relationship between industry, attack motive, and threat actor. Payment card data is often stolen from retailers by organized criminals from many different geographies. They are going for volume and so should you. Protect your biggest targeted assets first – your databases.

Know Where Your Data Resides and Who Has Access

Common attacks leverage legitimate user credentials to access sensitive databases and steal sensitive payment card data. Implement controls around what users have access to and enforce least privilege, especially in consolidated environments. Also, audit database activity to detect and stop unauthorized activity as well as collect critical forensic data that might be needed.

Develop a Security Inside Out Strategy

Despite following PCI DSS requirements, data breaches are a constant reminder that compliance is not enough to thwart a motivated attacker. Assess your existing controls to identify your company-specific vulnerabilities that put your organization's data at risk.

Oracle suggests retailers adopt a defense-in-depth approach to protect sensitive data from the inside out and future-proof against evolving regulatory requirements such as the new Payment Card Industry Data Security Standards.

To learn more about Oracle’s Security Inside Out approach and assess your data security posture for potentially disastrous vulnerabilities in your environment, please contact your Oracle Security account team to setup a complementary consultation. 

Nice Article on Oracle Data Redaction

Gavin Soorma provides a nice article on the new Data Redaction feature in Oracle Database 12c (and backported to 11g R2). Very nice blog-demo, complete with explanations and screenshots.
About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« February 2014 »
SunMonTueWedThuFriSat
      
1
2
3
4
6
7
8
10
12
13
14
15
16
17
18
22
23
24
25
26
 
       
Today