Information Security: Indian Retail

A few days back, news flashed through Information Security circles that Kmart, one of the top brick-and-mortar retailers in America, had a data breach, i.e. they lost customers’ personal information and credit card/debit card information due to malware on their POS terminals (a POS, or point-of-sale, terminal is where we get our shopping billed at retail stores). This is not a one-off incident: a few days back Home Depot lost 56 million customer records from the date range Apr-14 to Sep-14, and the list goes on, from Dairy Queen to Supervalu, Jimmy John’s, etc. The news catches me by surprise every time, since after the Target (another US retailer) data breach, US retailers have become much more stringent and cautious in handling customer data and have hired/purchased high-quality Information Security resources to ensure such an incident doesn’t repeat. No doubt the destructors are thinking a step ahead of the constructors here, and that is always the case. The defenses hold only as long as nobody bothers to try breaching them, and fail as soon as one thoughtful geek sitting on the other side of the Internet slips through them. Americans, unlike Indians, are paranoid about their privacy; hence any company where such a breach happens has to be ready for a class action suit worth millions of dollars every time, which is not good for any business anywhere in the world. So what is happening in the US is concerning not only for US citizens but for the rest of the world as well, perhaps because they are the best equipped, with their laws and technology, to defend against such attacks, but alas, even that couldn’t mitigate such breaches.

Why am I talking about the US retail breaches? A few days back, while shopping at More Superstore, the Aditya Birla company, I got to see the operating system that they are using on their PoS terminal. No guesses required: it was Windows XP installed on the computer. Just to give you a bit of background, Windows XP was released 14 years back by Microsoft and is one of the most successful operating systems Microsoft ever made, but support for the operating system ended on Apr 4th 2014, which means Microsoft has stopped releasing security patches for it, and hence it’s the most vulnerable operating system in the world for hackers to barge into. As the shelling was increasing at the Jammu and Kashmir border, Pakistani hackers hacked multiple websites, like Kerala superstar Mohanlal’s website, Chennai Medical College Hospital’s website and a few others, just to pass on their message. The thought of a similar attack on the aged More Supermarket and Big Bazaar systems sends a shiver down my spine, as it may turn out to be one of the worst cyber security breaches in the history of the world. We are, and have been, a lousy lot about our privacy and information security; we are willing to share every bit of detail about our personal lives with anyone over the phone for a free ‘glass lemon set’, but such breaches won’t end at losing just a glass lemon set. India has the world’s second-largest population, and hence a data breach here may not stop at two-digit millions if it happens. Why, then, companies are so lax in implementing security of the highest standards may be a question we should ask them.

We in India have the privilege of getting mature technologies and tested formulae to apply in almost all fields, whether scientific, engineering, telecom or manufacturing; however, big organizations are still not serious about importing similar knowledge in Information Security and bolstering their defenses to ably fight such attacks if they do happen in our systems. Gone are the days when closing our eyes meant that we were hidden from the world; employees at retail stores need to be made aware of the Confidentiality, Integrity and Availability aspects of their work, along with maintaining their own and customers’ privacy. We need to wake up before we are woken up with a shock, as the government has been doing its bit through the IT Act 2000 and the amendments in 2008. There’s a lot that can improve with time, but those responsible need to stand up for their own cause without the government reprimanding them to do so.
