Making headlines is typically a win for big brands. Unfortunately, the saying “all press is good press” does not apply to companies that experience data breaches. Organizations are at a greater risk than ever of being breached, setting an operational imperative to implement greater security protocol.
In the recently released “Data Risk in the Third-Party Ecosystem” study by Ponemon Institute, 59 percent of companies surveyed reported experiencing a data breach via a vendor or third party. The number is even higher for U.S. companies, totaling 61 percent—a 5 percent increase over 2017 and a 12 percent increase from 2016.
This trend is not promising.
Vetting Vendors to Mitigate Risk
The upward trajectory of third party breaches signals the importance of vetting vendors as well as the dangers of insufficient security within complex networks. The real problem for companies is that a vendor-related breach does not shift the blame; brands and institutions experiencing a breach, regardless of who is at fault, bear the brunt of negative consequences.
Staying one step ahead of cyberattacks requires collaboration and planning for third-party detection and mitigation.As the third-party landscape grows increasingly complex, it is essential for companies to track and inventory those relationships. According to Opus, a provider of global compliance and risk management solutions and sponsor of the Ponemon report, only 34 percent of companies working with third parties keep a comprehensive inventory of those parties.
Not If, But When
If the 2018 Thales Data Threat Report is any indication of the state of cybercrime, retailers (and anyone processing ecommerce payments) should note that breaches are a matter of “when”, not “if”. The report noted half (50%) of retailers report being breached in the past year—more than double the 19% breached in 2017.
Bad actors are becoming increasingly sophisticated and bold. As security and risk mitigation spending stalls among many companies, they have become sitting duck targets. This is especially true for U.S. retailers that deal in high volumes of personally identifiable information (PII) and payment card data, which is exchanged during transactioning.
Prescription: Encryption
Point-to-point encryption (P2PE) helps organizations streamline security and reduce PCI scope. What’s more, the cost savings generated typically far outweigh the cost of implementation. By encrypting data at the point-of-interaction (e.g., a point-of-sale system), no sensitive cardholder data passes through a merchant’s or institution’s POS as raw data. The data is decrypted wholly outside of the merchant’s or institution’s environment, either in the cloud or at an offsite data center.
This security framework accommodates online, offline, and emerging payments technologies, making omnichannel security seamless. Encrypting credit card data hedges against breaches; if a breach does occur, credit card info is rendered useless to hackers.
Pointing Toward Success
Improving data security is a multi-step process that includes getting executive buy-in, strategizing the best path forward, and implementing security frameworks and protocol without impacting business performance.
Arrow Payments can help.
Our team works with you to convey the importance of data security to key decision makers and to formulate a plan of action. We provide end-to-end strategy and implementation of state-of-the-art payment security solutions from the best vendors.
Our job isn’t done there; after we ensure all third-party software is integrated seamlessly, we continue to provide award-winning support.
Let us help you make the news for the right reasons.