Skip to main content
//empty //empty

A customer leaves a Home Depot store on Nov. 18, 2014 in Colma, Calif.

Justin Sullivan/Getty Images

Canadian retailers need to be vigilant in the face of an expected upswing in security breaches during the online shopping madness of Cyber Monday, according to a cybersecurity expert.

Retailers will want to ensure their existing security systems are up to snuff and they should perform updates on their periodic vulnerability tests if there is any doubt, says Raymond Vankrimpen, a partner at Richter Advisory Group Inc. in Toronto.

"They should make sure they have done recent vulnerability testing on their e-commerce platform," he said.

Story continues below advertisement

Cyber-attacks to obtain payment card and personal customer information for use in fraudulent purchases and identity theft are rising dramatically.

Among the more high-profile incidents recently reported are security breaches at 395 Dairy Queen stores and the theft of 56 million records at Home Depot.

A 2014 study by the Ponemon Institute that evaluated security-breach costs in the retail sector indicated that the cost is $105 per stolen record.

With the average size of a breach at about 30,000 records, the average cost of a cybercrime for the retailer is about $3.15-million.

Most cyber attacks in the retail sector fall into three patterns, according to Richter, citing data from Verizon's 2014 Data Breach Investigations Report:

• Denial of service: attackers use an army of botnets to compromise the availability of networks and systems; motives could be so-called "hactivists" making a point, organized crime demanding ransom or masking other hacking attempts

• Point-of-sale intrusions: remote attacks on systems handling payment card data; the information can be used on forged cards or for fraudulent transactions, or for identity theft

Story continues below advertisement

• Web application attacks: obtaining payment card information through phishing, brute force or other tactics

Canadian retailers would benefit from joining together and sharing cybersecurity intelligence, following the lead of the U.S. National Retail Federation, Mr. Vankrimpen said.

"It would be good to see something like that in Canada."

Smaller retailers who can't afford in-house cybersecurity operations or hiring an expensive outside firm might look into shared-pool managed security services that offer a single security operations centre for different clients, he said.

"Sharing intelligence makes sense," said Mr. Vankrimpen.

Report an error Editorial code of conduct
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies