Twitter
Facebook
Linked In
RSS
Login or Register
New to InternetRetailing?
Register Now
Internet Retailing
IREU Top500 Brand Engagement Dimension Report 2018

IREU Top500 Brand Engagement Dimension Report 2018

This is your 1 complimentary article for this month

Become a member for unlimited and immediate access.


Register
Already a member? Log in here

Tesco hits headlines as 2,000 passwords are shared online

Linked InTwitterFacebookeCard
Tesco has hit headlines after logins and passwords to its online shopping site, Tesco.com , were posted on the internet by hackers.

The supermarket, which is the UK's biggest retailer, is reported to have deactivated some customers' accounts following the hack. It's understood that hackers have compiled customers' account details and passwords using details taken from other sites and then posted them online. Tesco is now investigating the breach.


This isn't the first time Tesco has hit problems when the security of its customers passwords have been breached. In 2012 questions were raised about the way it stored its customers' data at the time. But this time it seems to be different: there are no questions raised about how it has stored data. The question is rather about how its customers use the same password details on different sites.

But Lancope CTO, Tim 'TK' Keanini says Tesco should have been better prepared. "These events are about as hard to predict as the sun rising tomorrow morning," he said.

"The problem is not the fact that cybercriminals break into these networks, but that they can go undetected while they figure things out and ultimately exfiltrate the files without being seen. Having eyes on a popular text-sharing site is not an effective method of detection by anyone’s standard. In a recent survey performed by the Ponemon Institute on incident response, companies using the operational metric of Mean Time To Know (MTTK) was at a miserable 23% so it is just far too easy for cybercriminals these days to operate effectively.

"This is not Tesco’s first security incident, and let’s hope they are experienced enough now to have in place the right telemetry for a timely and precise investigation – because the time to put up the security cameras is not after the incident. Given the way the reports say the incident was discovered, it does not seem that they have the right technology in place when facing this advanced threat. Sadly, most retailers do not.

"If these retailers would spend half the time on cybersecurity analytics as they spend on consumer analytics predicting buying patterns, the cybercriminals would have a very hard time being successful as their behaviour could be predicted and retailers would have more effective defences. This I believe is evidence that retailers do not feel like cybercrime is a part of doing business yet but how many more times will they need to be compromised before incident response is part of the business process?"

Linked InTwitterFacebookeCard

Become a Member

Create your own public-facing profile
Gain access to all Top500 research
Personalise your experience on IR.net
Internet Retailing
We are the magazine, portal and research source for European ecommerce and multichannel retail, hosting the board-level conversation for retailers, pureplays and brands across all of our platforms. Join the conversation.

© InternetRetailing Media

Latest Tweet

Internet Retailing
Tamebay
eDelivery
Twitter
Facebook
Linked In
Youtube
RSS
RSS
Youtube
Google
Linked In
Facebook
Twitter