Retail Needs Better Hack Risk Understanding: Stasio

Your next video will start in

Recommended Videos

  • Info

  • Comments


Jan. 13 (Bloomberg) -- Bob Stasio, CEO at Ronin Analytics, discusses how retail is handling hacking attacks targeting customer data on Bloomberg Television’s “Market Makers.”

At target and neiman marcus.

So, i think what some of the retail companies need to do at the leadership level is have a better understanding of their risk.

Their board needs to come together and say what is the probability of an attack like this occurring and what is the severity of if it does occur?

How much money are we willing to spend to mitigate this risk.

You have made an important point.

I went to understand.

Visa was not the only one, of course, visa is a very big company.

Even after a warning like that, two warnings in six months, you believe that the target board and possibly the board at neiman marcus ignored it?

Is that what is going on, they are ignoring the risks?

I am not implying that.

I am saying maybe they did not understand the risk is, maybe their assessment of the risk was not correct.

Maybe they need additional measures in place.

I don't have access to either of those boards.

In general in cybersecurity, we find companies tend to be reactionary.

For example, i heard the target ceo talking to the media.

He said we do not know the full extent of this problem.

That is very telling.

If there were measures in place to actually monitor and understand the dynamic of the situation of the network, they perhaps could be able to tell and pinpoint the problem very quickly.

As opposed to spending weeks or months and investigating, having a costly investigation to figure out what occurred.

Is there anyway of knowing how deep the hackers can go?

We have not experienced this until the last 1.5 years.

It is not like you can look back to history and say this is what we did before.

The cybersecurity issue is so important now.

How can they get their head around how complex it is?

It has always been around since the internet has been around.

Since computers have been around, it is just more visible now.

This problem had existed previously.

What i would say, having awareness of your network.

What i advocate for is an intelligence based approach.

We use a mixture of technology and people who understand the threat.

We are able to detect a threat within minutes as opposed to days, hours, or weeks.

This is a different approach, you have to understand that no matter what static measures you put in place, an adversary can get in.

If man can make it, man can break it.

Here in america, we use magnetic stripe cards as opposed to smart cards with chips and pin numbers that they use in europe.

Until america moves to the chip and pin card, bob, what is your best advice to cardholders?

Should you be concerned about using your card at a retailer?

I would like to point out -- those are called emv cards.

They are not exactly foolproof, they are better.

They have their vulnerabilities as well.

For the average consumer, and a lot of it is you are kind of hiding in the noise.

If you were one of the hundred million people that perhaps had their credit card information stolen, you may not actually be the one to get the credit card sent to a malicious actor.

The best thing you can do is increase your security, two factor authentication with your credit card company, don't use public wi-fi to do banking transactions.

I use a vpn service that can pierce my communications.

-- that incorrect -- tha t encrypts my communications.

Who is selling this stuff, how much can a credit card get on the black market?

It eventually funneled into organized crime networks in russia or china, perhaps the u.s. credit card information is usually sold in bulk.

Kind of statements.

They can go for anywhere from two dollars and $100 per

This text has been automatically generated. It may not be 100% accurate.


BTV Channel Finder


ZIP is required for U.S. locations

Bloomberg Television in   change