Skip to main content

The Globe and Mail

Canadian retailers should be wary of hackers on Cyber Monday: expert

A customer leaves a Home Depot store on Nov. 18, 2014 in Colma, Calif.

Justin Sullivan/Getty Images

Canadian retailers need to be vigilant in the face of an expected upswing in security breaches during the online shopping madness of Cyber Monday, according to a cybersecurity expert.

Retailers will want to ensure their existing security systems are up to snuff and they should perform updates on their periodic vulnerability tests if there is any doubt, says Raymond Vankrimpen, a partner at Richter Advisory Group Inc. in Toronto.

"They should make sure they have done recent vulnerability testing on their e-commerce platform," he said.

Story continues below advertisement

Cyber-attacks to obtain payment card and personal customer information for use in fraudulent purchases and identity theft are rising dramatically.

Among the more high-profile incidents recently reported are security breaches at 395 Dairy Queen stores and the theft of 56 million records at Home Depot.

A 2014 study by the Ponemon Institute that evaluated security-breach costs in the retail sector indicated that the cost is $105 per stolen record.

With the average size of a breach at about 30,000 records, the average cost of a cybercrime for the retailer is about $3.15-million.

Most cyber attacks in the retail sector fall into three patterns, according to Richter, citing data from Verizon's 2014 Data Breach Investigations Report:

• Denial of service: attackers use an army of botnets to compromise the availability of networks and systems; motives could be so-called "hactivists" making a point, organized crime demanding ransom or masking other hacking attempts

• Point-of-sale intrusions: remote attacks on systems handling payment card data; the information can be used on forged cards or for fraudulent transactions, or for identity theft

Story continues below advertisement

• Web application attacks: obtaining payment card information through phishing, brute force or other tactics

Canadian retailers would benefit from joining together and sharing cybersecurity intelligence, following the lead of the U.S. National Retail Federation, Mr. Vankrimpen said.

"It would be good to see something like that in Canada."

Smaller retailers who can't afford in-house cybersecurity operations or hiring an expensive outside firm might look into shared-pool managed security services that offer a single security operations centre for different clients, he said.

"Sharing intelligence makes sense," said Mr. Vankrimpen.

Report an error Licensing Options
About the Author
Quebec Business Correspondent

Bertrand has been covering Quebec business and finance since 2000. Before joining The Globe and Mail in 2000, he was the Toronto-based national business correspondent for Southam News. He has a B.A. from McGill University and a Bachelor of Applied Arts from Ryerson. More


The Globe invites you to share your views. Please stay on topic and be respectful to everyone. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

We’ve made some technical updates to our commenting software. If you are experiencing any issues posting comments, simply log out and log back in.

Discussion loading… ✨