Retail Data Breach Fatigue Crowd Secure Synack

April breaches bring May fraud… Traditionally, it’s the flowers that bloom in spring; lately, however, it’s been the season of breaches. Companies like Under Armour, Panera Bread, and Hudson’s Bay have all fallen victim to data breaches. With their personal and financial data sitting comfortably in nefarious hands, consumers must be rioting in the streets… or at the very least violently tweeting, right? Not exactly. Interestingly, consumers seem to have undergone a phenomenon known as “data breach fatigue”. After so many reported breaches, digital security failures, and companies’ inability to protect data, affected consumers respond apathetically… Due to the sheer number of successful criminal hacking attacks reported of late, it makes sense that consumers and security teams alike feel helpless in fighting this relentless barrage.
Okay, so no vocal outrage or protest from consumers, but what of share prices? According to Bloomberg, Hudson’s Bay stock fell roughly .45% the day after its breach but has since bounced back; similarly, Under Armour’s shares fell slightly but have bounced back to pre-breach prices. Are companies at all incentivized to ensure data security? Do consumers understand the gravity of their personal data being compromised? Let’s explore what happened (and is happening) with Hudson’s Bay.
This example speaks to the diversity of attacks a malicious hacker is capable of, extending beyond the simple act of stealing credit card info to include pulse-wave DDoS attacks (leading to website downtime), stealing account data (leading to refund/return fraud), and installation of POS malware (leading to stolen financial data – similar to Hudson’s Bay).
Now I am pretty sure the Hudson’s Bay security teams didn’t make a conscious decision to be vulnerable. They didn’t decide not to look for vulnerabilities, but they were probably challenged with lean resources and overwhelmed with relentless competing priorities. One of the greatest challenges the cybersecurity industry faces today is the lack of a competent and sufficient talent pool to defend against the growing number of attacks in recent years. Crowdsourcing these highly skilled hackers greatly offsets the talent shortage, giving every company access to the highest caliber in security researcher talent. And it can be easy to do.
So we’ve covered how crowdsourcing solves for the talent crisis, but what else does it have to offer? The answers are creativity, diversity, and scale. The different backgrounds of talented, ethical crowdsourced hackers ensure that more angles, outliers, and edge cases are captured while mimicking criminal attacks on your systems – all of which provide great insights into development and security priorities that can strengthen your business’s level of security preparedness. Another key advantage is the human element – getting real feedback from a hacker perspective, insights that would never come to light with legacy testing solutions. Mikhail Sosonkin, a member of our Synack Red Team, enlightened us with his thoughts on what is targeted: “Even if developers are writing good code, if there is bad communication within the company or within an industry, it can result in vulnerabilities. A few years ago, there was a thing with Amazon and Apple where they considered different parts of a credit card as personal identifiable information. As a result, it was possible to take over accounts.”
Perhaps most frightening of all in the case of Hudson’s Bay is that we don’t know fully what to make of it – what of the remaining credit and debit card records? How will the company and the consumers be affected in the long run? Taking a breach only at face value is dangerous – take Equifax, for example. The company is expected not only to pay over $430 million in breach-related “cleanup” costs, but they’ve lost about a quarter of their value since their September breach.
At some point, once a company or a specific product proves to be incapable of protecting consumer data, consumers and the market in general will begin to lose confidence in it. It’s time to start enforcing the idea that product security is product quality. We can’t let breach fatigue spread its influence. In order to offer quality products and excellent customer experiences, effective cybersecurity practices need to be woven into the core of the business. By embracing the hacker perspective and leveraging the creativity and diversity of a crowd of skilled, ethical hackers, the retail and financial industries can defend against relentless cyber attacks in a scalable and practical way.