In response to the news that Tesco.com has experienced a data breach, Lancope CTO, Tim 'TK' Keanini says:
These events are about as hard to predict as the sun rising tomorrow morning.
The problem is not the fact that cybercriminals break into these networks, but that they can go undetected while they figure things out and ultimately exfiltrate the files without being seen. Having eyes on a popular text-sharing site is not an effective method of detection by anyone’s standard. In a recentsurvey performed by the Ponemon Institute on incident response, companies using the operational metric of Mean Time To Know (MTTK) was at a miserable 23% so it is just far too easy for cybercriminals these days to operate effectively.
This is not Tesco’s first security incident, and let’s hope they are experienced enough now to have in place the right telemetry for a timely and precise investigation – because the time to put up the security camera’s is not after the incident - if you know what I mean. Given the way the reports say the incident was discovered, it does not seem that they have the right technology in place when facing this advanced threat. Sadly, most retailers do not.
If these retailers would spend half the time on cybersecurity analytics as they spend on consumer analytics predicting buying patterns, the cybercriminals would have a very hard time being successful as their behaviour could be predicted and retailers would have more effective defences. This I believe is evidence that retailers do not feel like cybercrime is a part of doing business yet but how many more times will they need to be compromised before incident response is part of the business process?"