The Top Security Threats In The DACH Region
While no country or region is exempt from cyber attacks and data breaches, the DACH region poses specific challenges for IT security professionals. The IBM / Ponemon benchmark research puts Germany in fourth place behind the Arabian region, India and the US for the highest number of lost or stolen records: 24,103, with 54% of these resulting from a malicious or criminal attack.
A Frost & Sullivan market study, The Professionals’ Perspective: Cyber Security in the DACH Region, concluded that the biggest challenges for IT professionals in the DACH region are a shortage of personnel and a lack of resources. This has a significant impact on the ability of organisations to improve data breach prevention, and highlights a need to invest in training, advanced analytics solutions and threat intelligence services.
The graphic below shows the most common security threats in the DACH region, identified in this report, with ‘CE’ denoting Core Europe:
In brief, here is how those specific security threats can affect retailers:
5 Security Threats For DACH Merchants
- Payment card skimmers: This device is fixed to an ATM or a payment card terminal, to obtain credit or debit card data, including the PIN.
- Point Of Sale Intrusions: Retailers are most at risk from this kind of security threat, in which cyber attackers compromise computers or servers that run POS applications.
- Physical Tampering: These are web-based attacks where certain parameters in an organisation’s URL are changed so that when a customer visits the site they are unaware of any differences but their personal data can then be compromised.
- Use Of Stolen Cards: The consequence of this security threat is that retailers have to meet the costs of chargebacks when the consumer realises their payment card details have been stolen.
- RAM Scraper Software: Another POS threat used to steal card payment data.
The impact of these security threats on eCommerce merchants and digital retailers is obvious: customer data is compromised and fraudulent transactions increase. Preventative measures must be taken to protect both the business and customer data.
The three points below provide a starting point:
- Security Risk Assessment: Before implementing any preventative measures you should first assess where you may be at risk. Having identified any weaknesses you can then find the best solution for protecting those areas.
- Data Protection Policies: One essential aspect of preventing a cyber attack is to ensure that employees, contractors and suppliers are aware of your organisation’s risk management boundaries, and the acceptable and secure use of your organisation’s ICT systems. Data Protection Policies need to be clearly communicated, regularly reviewed and all parties trained accordingly.
- Only Keep Essential Data: It may be possible to mitigate a data breach by removing or minimising the amount of data you store. For example, Level 1 PCI-compliant payment service providers can move payment card data out of your business and into their secure environment.
With a shortage of professionals within the region to support online merchants with security and fraud solutions, we would advise organisations to seek partnerships with providers who do have this expertise in-house.
Payment Service Providers have extensive knowledge of the threat landscape across different regions and verticals, and can advise your business not only on how to keep payments safe, but also on how to protect customer data and ecommerce systems.