WatchGuard Retail Comment In Relation to Recent Retail Security Breaches


David Higgins, Regional Director ANZ, WatchGuard Technologies, Comments in Relation to Recent Retail Breaches in Australia

“The recent retail data breaches are a wakeup call for Australian businesses and distributed enterprises. Customer and internal information holds great value for Cyber Criminals and it’s currently worth their efforts to obtain it through malicious software and the exploitation of vulnerabilities within an organisation’s internal and external processes, networks and software platforms.

In April more than 3,500 breaches were reported to the Australian Federal Police with threats set to increase. In addition to this, the average number of days taken to resolve cyber-attacks is 30 with an average total cost of $276,323 AUD. As a result, implementing layered security systems with visibility and monitoring tools is delivering an excellent return on investment by mitigating these risks and allowing for effective network operation.

Among many other costly outcomes, breached organisations face extensive costs relating to operation down-time and recovery as well as damage to a brand’s credibility and customer relationships.

Every business, no matter how small, needs enterprise level security. Smaller suppliers are creating vulnerabilities within the supply chains of larger organisations and larger organisations are increasingly requesting their suppliers undergo comprehensive penetration testing to ensure that systems are well protected and will not pose a supply chain breach risk. Evaluating the lines of communication with business partners to eliminate weak links is essential and even the smallest of business partners can be a weak link as seen recently with retail based breaches in the United States.

It’s also important to consider that there is no protection when moving to cloud hosting services. Cloud hosting services are no more secure than connecting the internet directly to your website or your local network. There is no Intrusion Prevention, malware scanning, password brute-force detection and only minimal logging. Good coding (OWASP) is your first line of defence, as well as enterprise class UTM firewall security in front of your cloud services and your local network.”