Like the massive data breach at Target in late 2013, the news last fall that a breach may have affected 56 million credit and debit cards at Home Depot made headlines, but according to EarthLink Chief Security Officer Peter Chronis, the number of data breaches in the last year was even higher.
“There were over 1,000 retail security breaches in the last 18 months,” Chronis said. “We heard a lot about those high-profile breaches, but we didn’t hear a lot about those 1,000 other retailers that were caught up in very similar circumstances.”
At the recent National Retail Federation’s Big Show in New York, EarthLink introduced its Secure Storefront solution, created to help retailers identify and protect against data breaches such as the ones at Target and Home Depot.
“We built the solution set designed to address those fundamental security weaknesses that were involved in those 1,000 security breaches,” Chronis said. “We took all of our experience in security and all of our experience in retail and merged them together.”
For most consumers, EarthLink is probably best known as a consumer Internet provider from the early days of Internet connectivity. But over the past two decades, the company has shifted focus from consumers to businesses.
“We’ve been protecting customers for over 20 years,” Chronis said. “As EarthLink transformed into this primarily business-to-business network and IT-services provider, those skill sets were really relevant. A lot of our customers were challenged with security issues, and they don’t have the benefit of the time, experience, the people, the process, the technology that we have. Over the years, we’ve built this security practice that’s customer-facing, and Secure Storefront is really a security solution-set that’s designed to help retailers across their entire IT eco-system and help them be secure not just with a secure network, not just with secure Wi-Fi but also help securing their IT systems, their point-of-sale equipment, their servers, their e-commerce infrastructure—really, everything. Secure Storefront is designed to help people with those general risks.”
Chronis called 2014 “the year of the breach.”
“Retailers today have more data on their customer than they ever had before,” he said. “That’s valuable to retailers because they can connect with customers in interesting ways, but it’s also valuable to criminals because they can sell that data and use it for malicious purposes.”
With Secure Storefront, retailers can get an assessment of their security issues and vulnerabilities to help them identify their highest risks and build an action plan, Chronis said.
This security assessment can be done on a one-time basis, but EarthLink recommends doing quarterly or semiannual assessments over a long period of time.
“Typically, we do these assessments over time and deliver some context,” Chronis said. He said he tells retailers, “Here’s where you are today, and here’s what we recommend fixing. We’ll be back in three months to see how you did. Or, if you’re not sure how to fix these things, we’ll help with that.”
To Greg Griffiths, EarthLink’s vice president of product alliances, there’s a disconnect between retailers’ security efforts and the threats to their data.
“There are so much resources being spent on security at the card swipe—and that’s all good. It’s way past time we did that, but if you go back through those 1,000 breaches, that would have done nothing to prevent the Target breach, let alone the majority of those others,” he said. “Those breaches occurred because there was a gap in the corporate network, usually through third-party vendor-access permission via remote into the network [or] a server that’s vulnerable that hasn’t had its patch management updated. If you really want to make sure your customers’ data is safe, you need to be addressing the most common ways people get into your network.”
At the NRF show, EarthLink also announced the results of a survey it conducted with the IHL Group and cosponsored with AirTight Network.
According to EarthLink, on average, it took 134 days between a security breach and detection of the breach. And the survey found that 89 percent of business that experience a data breach had failed an audit for compliance with PCI Security Standard, the set of data, payment and transaction standards set by the PCI Security Standards Council, a global forum launched in 2006 by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc.
EarthLink also looked at the benefits of in-store wireless access and found that most shoppers—86 percent—said they would spend more “for a better customer experience” and 80 percent of mobile shoppers are “influenced by the availability of Wi-Fi when deciding where to shop.” Furthermore, the survey found that 84 percent of smartphone shoppers said they use their phones in stores to help them shop.
“What we found out from the [IHL Group] study is although the majority of retailers have deployed Wi-Fi in their environments, and even though those retailers have seen a benefit and an increase in customer loyalty and an increase in sales with the deployment of Wi-Fi, very few were actually using the Wi-Fi to connect with the mobile consumer and engage them with one-to-one marketing and loyalty programs,” Griffiths said. “It’s a huge opportunity because the major cost associated with Wi-Fi is in the technology itself. If you’ve made the right decisions, it’s not that difficult to start collecting the data and those analytics.”
Most retailers are currently working on omnichannel and e-commerce strategies and looking for ways to connect that experience with their bricks-and-mortar efforts, Griffiths said.
“The best place to connect with somebody and get them on your mobile app and tied into your e-commerce strategies is right there at the store level—because you can invite them.”
EarthLink’s Wi-Fi solution helps retailers gather customer data such as time spent in the store and traffic patterns throughout the day. It can also allow the customer to connect to social media, which gives retailers insight into additional demographic data.
“It’s really powerful information,” Griffiths said. “Our retailers who are now reviewing that information after the holiday sales got a lot of insight in terms of staffing, catch-and-keep, how many people were actually in the store for a period of time and so forth.”
The next step, Griffiths and Chronis said, is to connect all this data in one system that allows retailers to analyze the information and “integrate all those customer experiences.”
“The data is available today,” Chronis said. “It’s just building the intellectual property to pull it all together and make it actionable.”