Tangible’s services are centered around ethical hacking to protect the interests of retailers from actual threats, provide the realistic perspective of actual penetrations, and prioritize security needs in a way that helps avoid unnecessary and costly investments based only on theoretical possibilities. We can help discover and fix exploitable vulnerabilities BEFORE hackers do.
- Gap Assessment
- Enterprise Penetration Test (optional but highly recommended)
- Remediation Guidance
- Formal QSA Assessment
- Maintenance Activities
- Additional steps may include:
- Satisfying annual PCI requirements for penetration testing
- Tailored development of a total security program
- Quarterly vulnerability scanning with analyses and prioritization of findings
- Selecting, implementing and/or monitoring Secure Information and Event Management (SIEM) capabilities
Analysts and pundits state that “Retail cybersecurity breaches are becoming a dangerously familiar backdrop to the holiday season, making identity-theft threats as predictable as Black Friday but with devastating losses for stores, financial institutions, and shoppers.”
Major news outlets have reported that information from the credit and debit card security breach have flooded black markets.
Reports estimate that “Hackers cost businesses as much as $250 for each credit-card number stolen in the form of legal bills, computer-consulting fees, bad publicity, and restoring customer relations…”
For retailers, the worst news may be that PCI compliance, though costly, does NOT guarantee that their interests are protected from cyber attacks, and they need more and better information to succeed—the type of information that only ethical enterprise hacking can produce.
Target Corporation, the nation’s second largest retailer behind Walmart, presents a worst-case example. Forty million customers had to be notified at the height of the shopping season that hackers had illegally obtained access to their credit card information. Subsequently, Target announced that phone numbers, addresses, and other personal information may also be at risk—and the number affected may reach 100 million shoppers.