Are Your Retail Industry Systems and Data Secure?

Recent high-profile data breaches experienced by several national retailers have heightened concerns already present among board members, CEOs, CFOs and CIOs that their companies’ confidential data and/or customers’ personally identifiable information (PII) may be exposed.

These concerns are, without question, well-founded. The cost to an organization that experiences exposure of private customer or consumer information can be in the hundreds of millions, if not billions, of dollars.

What boards and executives need more than anything today is a high level of confidence that their company won’t make the next big data breach headline and suffer the financial and reputational consequences, along with the impact to operations. But how can board members and executives gain this confidence and ensure their data is safe? Simply being in compliance with applicable laws and regulations does not translate into being secure. You need an in-depth, multilayered approach that goes beyond “checking the box” to ensure the strength and security of your network.

Published in: Technology

Detecting Breaches and Unauthorized Access

Insight

We leverage our deep experience and key learnings, together with leading retail industry security practices, to help clients assess and strengthen their data security measures and respond to incidents quickly to curtail damage before it spreads. We can help you answer the following critical questions:

  • Have you already been breached? Would you know? Most companies don’t know they have had a breach until months later. As part of a comprehensive analysis, we look for signs of one or more potential intrusions. We review your network traffic and system configurations to identify any anomalous behavior that would indicate an active breach. We can also perform forensic analysis and assess whether any malware is present in your POS systems.

  • If you have not been attacked or breached yet, do you know that your systems can stand up to a targeted cyberattack? We conduct a detailed review of your organization’s data security system from a security breach and prevention perspective, not just a compliance perspective. We ensure you have leading and best practices (including those specifically focused on retail POS and e-commerce vulnerabilities) in place to help prevent a breach from occurring or reoccurring.

  • Are you ready to respond? In our experience, organizations often lack strong response plans, which makes a breach worse. We are able to leverage our experience to help companies develop or enhance their response plans to respond effectively and minimize the damage.

Protiviti has responded to some of the most significant security breaches in the last decade. Numerous companies have turned to us for critical help with their responses to cyberattacks. Not only are we one of just 12 firms qualified by the PCI SSC to perform an investigation, but we also are qualified as an investigator in the United States as well as Europe.

Impact

Security is a lot more than having a strong firewall. It must be applied to all layers in the organization, rather than focusing only on preventing access through your “outer shell.” Cyberattacks can and do incorporate a broad range of malevolent actions, in what is often described as a “kill chain” of events. This kill chain includes not just the initial intrusion, but also key steps such as identifying data locations, exfiltrating data and persisting undetected. The right security best practices can identify and disrupt a cyberattack at the perimeter and also prevent a data breach even if the attacker gets past your first layer of defense.

It is critical for your organization to understand where it is vulnerable and establish strong security processes and measures to ensure your data remains safe. As part of this effort, we can help you to determine whether industry best practices are applied to each layer within your organization and implement security measures that address the entire breach kill chain.

How We Can Help

We can provide you with additional confidence that your organization has taken appropriate actions to protect itself from targeted cyberattacks and that you are not already a breach victim. Protiviti is a certified professional forensics investigator (PFI) under the PCI Forensic Investigation Program, as well as an authorized PCI QSA, PA-QSA and ASV, with considerable experience in the retail and credit card space. We have a demonstrated track record of helping companies react and respond to security incidents, establish security programs, strengthen identity and access management practices, and handle retail-specific data security and privacy issues.

We know how to combine speed and precision to minimize the impact to your business. We work quickly to assess the extent of the damage, contain it, collect and analyze information about the event, eradicate it, and help you recover so you can resume normal operation quickly and efficiently. Our computer forensics team will preserve and examine the information pertaining to the impacted systems and support you in any legal actions you decide to take.

We invite you to explore the various IT security and privacy services we offer:

  • Security Strategy & Program Management Services
  • Identity and Access Management Services
  • Data Security & Privacy Management Services
  • Vulnerability Assessment
  • Security Operations & Implementation Services
  • Incident Response & Forensic Services

© 2014 Protiviti Inc. An Equal Opportunity Employer. PRO-PKIC-0114-145. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

About Protiviti

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE 1000® and FORTUNE Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Contacts

  • Rocco Grillo, +1.212.603.8381, rocco.grillo@protiviti.com
  • Scott Laliberte, +1.267.256.8825, scott.laliberte@protiviti.com
  • Jeff Sanchez, +1.213.327.1433, jeffrey.sanchez@protiviti.com
  • Cal Slemp, +1.203.905.2926, cal.slemp@protiviti.com
  • Ryan Rubin, +44.20.7389.0436, ryan.rubin@protiviti.co.uk
