Word count 3000 Please see attached files. look at Question.pdf

Court proc eedings in October 2007, revealed that approximately 94 million TJX customers were affected by the cyberattack , which is more than double the initial estimate (Pepitone, 2014) . TJX has agreed to pay approximately $40.9 million to several financial institutions as result of the breach. In addition to the agreement, an alternative recovery offer was made to 16 qualified U.S. Visa card banks that supplied credit/debit cards possibly affected by the compromised TJX computer systems. T he settlement was contingent upon 80% of the card issuers accepting the alternative recovery offer by December 19, 2007, after the terms were accepted payouts were to be made on December 27, 2007 (McGlasson, 2007) . According to the settlement, TJX agreed to pay back banks that supplied Visa credit/ debit cards compromised in the cyberattack , in return these banks would not any legal action against TJX and Fifth Third Bancorp of Ohio, which is the financial institution responsible for handling TJX's transactions (McGlasson, 2007) . Target . In a multistate settlement involving 47 states , that included California and the District of Columbia, Target was ordered to pay $18.5 million in damages. This was dee med the largest data breach in 2013. The settlement established new industry regulations for retail businesses that process credit/debit cards and keep records of their customers’ personal information (McCoy, 2017) . As a re sult of the settlement , California was granted over $1.4 million from the settlement . According to California Att orney General Xavier Becerra , the settlement money would be used to implement consumer protection laws. Becerra also explained that Target was also ordered to designate an executive to establish a “ comprehensive information security program” and consult the retailer’s C -suite, (Masunaga, 2017) . The settlement also required Target to deploy additional cybersecurity measures, such as payment card encryption, password rotation policies, two -factor authentication for select accounts , and employ ment of a third party vendor for a complete security assessment . According to the company , it was delighted to resolve the issue for all parties involved (Masunaga, 2017) . The breach caused CEO Gr egg Steinhafel to resign from his executive position , and a drastic decrease in Target’s sales and productivity . Since the breach, Target has increased its security 17 procedures and settled additional lawsuits associated with the 2013 attack , as well as one from major credit card company Visa (Masunaga, 2017) . Home Depot . As a result of the 2014 data breach, Home Depot agreed to pay $27.25 million to all financial institutions involved in the breach. However, it was estimated that the retailer would pay as much as $179 million or more after legal fees and any additional payouts were factored into the equation (Seals, 2017) . The attack on Home Depot was considered the largest POS and credit -card breach of 2014. Legal documents from the settlement specified that financial institutions that file d valid claims would receive $2 per compromised credit/d ebit card without requiring proof of loss, despite any additional reimbursement they may have received from an alternate source (Seals, 2017 ) . Financial institutions that were able to provide proof of loss were eligible to receive an extra “documented damages award” of about 60% of their unpaid costs (Seals, 2017) . KMART . U.S. District Judge John Z. Lee ordered KMART to pay $5.2 million in damages for the 2014 data breach. The settlement concluded the dispute between KMART and 178 financial institutions. Judge Lee also approved $1.7 million in attorneys ’ fees and requested a spreadsheet detailing the exact amount each financial institution was to be paid for losses incurred from the 2014 b reach (Corso, 2017) . The complaint was filed by credit unions, banks, and other additional financial inst itutions on the claim that Kmart failed to place sufficient security measures in place in spite of the recognized risk of a cyberattack . The plaintiffs involved were obligated to terminate or reissue compromised credit/debit cards and refund cardholders to resolve unauthorized transactions, as a result of the breach (Koo, 2017) . The amount of damages and loss created by cyberattacks in a retail setting can easily escalate to millions of dollars. The customers, financial institutions, and legal representatives 18 must be compensated for their troubles. Retail businesses must quickly assess a cyber attack and effectively take action to prevent further devastation. When it comes to cybersecurity it is better to be proactive rather than reactive. 19 DISCUSSION OF FINDINGS Introduction to the Discussion of Findings This paper discusses t he different types of cybersecurity threats to retail businesses and their need for information security protec tion. Additionally, it will address the aftermath of the attacks, and the available resources that retail businesses can implement to mitigate further cyber threats. The Discussion of Findings will discuss the themes identified in the Literature Review and how they answer the Research Questions. Theme One: Cyber T hreats Research question one: What are the cybersecurity threats in the retail industry? As mentioned in the Literature Review, there are several categories of cybersecurity threats in the retail industry. Crimeware Crimeware can be used in several ways. By rerouting consumers’ web browsers to fake websites that are managed by the hacker, th e consumers’ ability to access goods and services is interrupted, if not ceased. The hacker can use Crimeware to gain remote access to consumer’s web applications, and by doing so they can obtain complete network control. If the hacker is able to gain acce ss to the network, they can then encrypt information found on a particular computer or group of computers and hold them ransom forcing the user to purchase decryption software.

This can easily cost hundred s, thousands or even millions of dollars. Ransomwar e is becoming hackers’ crime of choice due to ease of distribution compared to other malicious software such as POS malware. The number of identified ransomware attacks made a huge leap from 4 million in 2015 to 500 million in 2016 (Conner, 2017) . Hackers can also use Crimeware to send email malicious attachments that can be distributed to other computer users on the network, and as a 20 result , spread the contamination. According to a report by FireEye, the following crimeware var iations as the top 5 most frequently identified in the retail and consumer goods industry: 1. 29% H -WORM : H-Worm was created by an individual referred to as Houdini. H-Worm is a Visual Basic Script (VBS) and Remote Access Trojan (RAT) threat that whose purpose is to gain control of a computer from a remote location (Enigma Software Group USA, LLC. , 2017) . In the past, H -Worm has been in attacks against international agencies in the energy industry and spam email attacks on individuals. It can vary in level of obfuscation . After the H -Worm has been installed in a c omputer, it will connect with a remote server, transmit proof of identity, and recover its directions (Enigma Software Gro up USA, LLC. , 2017) . H -Worm will then allow the hacker to engage in numerous activities on the infected computer such as downloading and installing files. It will also give the hacker the ability to hide its presence from the authorized computer user . H- Worm can also obtain passwords and gain access to company applications. H -Worm can be disseminate d through external devices , compromised email attachments, or corrupt links . H-Worm is can even be used by individuals or groups who lack advanced computer skills (Enigma Software Group USA, LLC. , 2017) . The user friendly control interface makes it easy for hackers to control H -Worm and a popular choice of attack. Retailers can protect their computer networks from an H -Worm attack by keeping security so ftware updated. Since H -Worm is an older threat, many current s ecurity systems should be able provide protection against the RAT by monitoring and cutting off the attack.  20% ASPROX : A botnet that made its first appearance in 2 007, usually associated with airline tickets, po stal services, and license keys (FireEye, Inc. , 2015) . ASPROX lure s targets to open emails and download malicious software programs to their computer. 21 According to M86 Security firm , A SPROX is can execute SQL injection s, and increased its presence on application service provider (ASP) sites from 5,000 to 11,000 in one night (FireEye, Inc. , 2015) . Retailers need to remind their employees not to open emails from unknown s enders or download any software without IT approval. ASPROX ’s previous use was limited to spam emails , however it eventually progressed to SQL i njection attacks and website takeovers . In 2015, a number of reports questioned whether ASP ROX was still an active threat.  19% PALEVO : A worm that is distributed by detachable drives, network shares, P2P, and chat programs. Compromised computers connect over UDP port 53 (FireEye, Inc. , 2015) . PALEVO worms date back to 2009 , however it only received recognition February 2010, after a few of the hackers responsible for the Mariposa botne t were arrested . The victims of the Mariposa botnet were corporate businesses from all over the world. PALEVO malware can download data, steal usernames and passwords, account numbers, and confidential business information. PALEVO can also launch DDoS attacks.

There are a number of ways that that PALEVO can make its way on to a victim’s computer. It can be spread through P2P applications, mobile devices, and messenger applications. PALEVO malware can normally be found in folders with file settings set to Hidden, Read -Only, and System, (Abendan, 2011) . PALEVO malware can link to specific web sit es and transmit commands from C&C servers that are controlled by the hacker . These commands can range from downloading files, steal web browser passwords specifically for Internet Explorer and Mozilla Firefox , port scanning, and execute UDP or TCP flooding . Once a computer has been compromised, it then becomes susceptible to future threats. It is imperative that the victim change their credentials as 22 soon as po ssible after they are breached. Remote users will turn target computers into zombies without the a uthorized user’s knowledge (Abendan, 2011) . PALEVO can result in more network traffic, and once a system is breached hackers can access usernames and passwords. Hackers can also spread the attack to other associated computer systems.

Some variations of PALEVO are also able to launch DDoS attacks on multiple systems simultaneously. This can prevent authorized users from continuing regular business operations (Abendan, 2011) .  18% KOREDOS is a trojan that is capable of encrypting user files, causes damage to the master boo t record (MBR) , and forcing compromised systems to engage in distributed denial of service attacks (DDoS), (FireEye, Inc. , 2015) . KOREDOS attacks normally involve a C&C server that transmits commands to the target computers . The commands are found within the threat. Due to the number of components in the attack, it is considered to be one of the more sophisticated cyber threats. The .dll file is responsible for damaging the MBR on the target computer. At this time, KOREDOS att acks have waned down and the any sites that were previously affect by the trojan can now be accessed without problems (Imano, 2011) . However, computers have not been scanned and cleared for KOREDOS can find themselves experienc ing an attack long after the first infection. KOREDOS changes files so that the characters reflect only zeros, and if the files size is larger than or equal to 10,485,760 bytes, KOREDOS will erase the files. If the file does not meet this criteria, KOREDOS will generate a file does not meet the criteria a .cab file using the original file name, and replace the original file. Files that are erased may be restorable, however those files that have been overwritten with zeros are 23 ineligible for restoration (Imano, 2011) . KOREDOS also damage the MBR and infected computers can survive the breach for only 10 days if they are not sterilized.  14% ZEUS is a trojan that is also known as Zbot that was essentially created to steal financ ial credentials (FireEye, Inc. , 2015) . Zeus is usually spread through spam emails and corrupt download links. Victims may receive emails that claim to be from financial or social media entities. These messages inform the victi m that their credentials have been compromised. The messages will also provide a corrupt link that will infect the victim’ s computer and steal information. Hackers can design Zeus to steal any type of information from the victim’s computer including online usernames and passwords by modifying configuration files that are compiled into the Trojan installer (Pilici, 2017) . These files can also be updated at a later time in order to capture additional information if the hacker chooses to do so . Hackers can obtain private information through several approaches . In one approach, Zeus will automatically collect the passwords from Internet Explorer, FTP, POP3 that are enclosed within Protected Storage (PSt ore) , (Pilici, 2017) . Although Zeus’ most successful approach for collecting information remains to be observing websites found within the configuration file. Zeus will interrupt authentic website operations, and add unauthoriz ed fields in order to collect private information from customers. Zeus can also communicate with a C&C server and cut off power to, or reboot target computers , erase system files, and cause the computers to become nonfunctional (Pilici, 2017) . 24 Insider Threat The Literature Review covers the three main types of Insider Threats: 1. Human Error: Mistakes made by employees or third -party associates play a huge role in cyberattacks , which range from sending emails containing con fidential information to the wrong recipients, to sending confidential information to home systems using personal email addresses, to theft of work devices containing login accounts and passwords. 2. Leaked passwords: Employees with the intent to damage the b usiness’ reputation by stealing or leaking confidential information and/ or passwords to outsiders. 3. A Wolf in Sheep’s Clothing: Hackers or cyber thieves steal the identity of an employee by using malware or phishing attacks to compromising their system. Ot hers utilize stolen credentials that they have collected from their victim’s social accounts (Zadelhoff, 2016) . The insider threat to a retail business is one of the most dangerous and imminent cyber threats. As an employee or third party affiliate, users have access to a significant amount of online or digitalized data because they supply the retailer with goods and services . Employees are assigned workstations which more often than not include some type of computer, laptop, o r mobile device. These devices store company statistics, customer databases, payment accounts, and other confidential/privileged information. Insider threats are given the authorized computer access to modify and erase company data. They can also provide o r sell their login credentials to motivated hackers or cyber thieves. 25 Web App Attacks Web application attacks are intended to exploit any software flaws or shortcomings that present in the actual protocols and applications (NSFOCUS, n.d.) . These attacks try to interrupt service by overwhelming memory, CPU, or storage resources found in the servers that are running the application, ultimately making the application inaccessible to authorized users. Web attacks can also crash the application by transmitting malicious communications or unanticipated input to the application. Examples of Web application attacks include : SIP header manipulation attacks, HTTP GET/POST attacks, and SQL injection attacks (NSFOCUS, n.d.) . The retail industry ranked third place for the highest number of vulnerabilities clearly illustrating the cyber threat of web applications (Franko, 2017) . Every day, more technological advances are made. In order to keep up with the times and continue to make revenue, retail businesses must have a significant online presence. The convenience of having goods and services available at the tip of your fingertips is key. Retail businesses can reach consumers that are p hysically unable to travel to the store. This urgent need to have an online presence makes retail businesses more vulnerable to a cyberattack . 205 days to repair vulnerabilities is a substantial amount of time in which a retail business can remain accessib le to the hacker and susceptible to a greater breach of information security (Franko, 2017) . DoS Attacks When it comes to DoS attacks, hackers will stop users from accessing the retail business’ online services. This means that consumers will be unable to purchase goods or services on the retailer’s website. The Literature Review lists the following basic Do S attacks: 1. Flooding the network to interrupt and halt legitimate network traffic 26 2. Disrupting the network connections between two devices, and in turn denying the use of a service 3. Blocking a specific user from using a service 4. Discontinuing a ser vice for a specific individual or user 5. Interrupting the state of information, like resetting of TCP sessions (Techopedia Inc., 2017) Participation in E-commerce is essential for a successful retail business. DoS attacks create frustration, loss of rev enue, and missed sale opportunities. Over time, the retail business’ customer database will deplete as a result of a decrease in customer trust and loyalty. There are direct and indirect costs of a DoS attack to the victim. Generally, direct costs like direct revenue are easier to quantify and can be linked to the attack instantly. Whereas indirect costs such as damage to the brand and loss of customers, are much harder to spot and their consequences almost always go undetected for weeks, months or even y ears following the initial attack (NSFOCUS, n.d.) . Many assessments and reports have been conducted to study the cost of DoS attacks. Although the outcomes of these studies differ based on several factors including industry, si ze of the business, security budget, etc., the cost is strongly related to the duration of the outage produced by the DoS attack (NSFOCUS, n.d.) . T he amount of downtime after a D oS attack is approximately 54 minutes and the cos t for each minute of downtime is approximately $22,000. However, the cost per minute of downtime can vary from $1 to over $100,000 per minute (NSFOCUS, n.d.) . POS Security Issues One of the leading sources of stolen payment car ds for cybercriminals is Point -of-sale malware. The threat of POS malware originated 2005, since then attackers improved their 27 techniques, and successfully breached around 100 million payment cards in the United States between 2013 and 2014 (Symantec Corporation, 2014) . The escalation of POS attacks is partially due to the availability of POS malware kits on the Dark Net. Attackers can buy tools that can potentially easily cost them millions of dollars. Although there have been major developments in card security and PCI Compliance standards, there are still deficiencies in the security of POS systems (Symantec Corporation, 2014) . As discussed in the Literature Review, hackers steal customer inform ation in one of two methods , and then return to the Dark Net to sell the information to a third party (Rouse, 2015). The hacker can either infiltrate the databases where the information is stored or obtain the data during the checkout process (Rouse, 2015). Similar to consumers not needing to set foot inside the store, POS malware allows hackers the ability to gather information without ever having the comfort of their workstation. This along with other general security vulnerabilities in corp orate IT infrastructure means that retail businesses are unprotected against creative and organized hackers (Symantec Corporation, 2014) . Although there have been major improvements in card security technologies and PCI - DSS requirements, holes in the security of POS systems still exist. They include: • Accessibility – breaches caused by direct access to POS systems along with the corporate network. • Lack of point -to-point encryption (P2PE) – no credit card number encryption in the POS system and numbers can be found in plain text within the memory of the POS system (Symantec Corporation, 2015) . • Software vulnerabilities –older operating systems, such as Windows XP or Windows XP Embedded, these systems are more vulnerable to attack. 28 • Susceptibility to malicious code – Many POS systems run on a version of Windows, therefore they are susceptible to any malware that runs on Windows (Symantec Corporation, 2015) . Paymen t Card Skimmers Credit/Debit Card skimmers are usually difficult to spot. As mentioned in the Literature Review, these devices can be found on gas station pumps, ATMs, or they can be portable (Brittain, 2017). Once the card information is copied by the sk immer, the hacker can then use the information to steal another person’s identity, sell the card information on the Dark Net, or create brand new fraudulent cards. The fraudulent credit/debit cards are then used for shopping sprees.

Often times these fraud ulent cards are printed with bogus names to evade detection. By the time the true cardholder receives their credit card statement that they discover their card information has been breached the hacker could have maxed out their credit card (Brittain, 2017) . Theme Two: Damage Control Research question two: What recommendations could be made to mitigate future threats? Establish IT governance Creating an IT governance program that incorporates people, procedures and devices is essential when supplying the groundwork for the security necessary to push business modernization while still alleviating risk, mitigating costs and lessening the burden of regulation (Symantec Corporation, 2015) . Training is a must. As the network grows with each new customer and business partnership, the business becomes more susceptible to the risk of a cyberattack . 29 Protect the POS Up date POS s oftware regularly . When it comes to updating POS software, the sooner the bette r. It is highly recommended that retailers update their POS when software updates become available. New types of attacks are manufactured by hackers every day. POS updates will include security patches that prevent the systems from falling victim to these new attacks . By installing POS updates on a regular basis, the information stored on POS networks will remain protected (Feinstein, 2017) . Require the IT department to monitor the market for the release of new POS software. Hold the department responsible for installing the software on all POS systems within 1 -2 weeks of the release date. If IT employees fail to implement the POS updates with in the specified timeframe, they should be documented for violation of policy. Install firewalls and a nti -virus software. It is important to have multi -layer security when protecting the POS system. Although firewalls and anti -virus software will not guara ntee 100% POS protection against cyberattacks , they should still be used as a layer of protection against hackers and malware . Firewalls are network security device s that observe and control the network traffic e ntering and leaving the network, (Cisco, n.d.) . Anti -virus software is used as a background check that searches computers, servers or devices in order to stop the spread of malicious programs (Rouse, Antivirus Software (antivirus program), 2017) . Require the IT department to maintain firewalls and anti -virus software. Like POS software , firewalls and anti - virus software nee d to be updated on a regular basis. Hold the IT department accountable for updating the software and document any violati ons of policy. Use strong p asswords . Require employees to use strong passwords for all computer applications and the POS systems. Strong passwords will include at least one uppercase letter, one lowercase letter, at least one number, at least one special character, and a minimum of six 30 total characters. It is recommended that passwords be changed every 4 months to protect against a breach. If employees need to reset their password, IT must supply a temporary password that will need to be changed by the employee upon login to reflect the passwo rd requirements. In addition to the main password requirements, employees should be encouraged to choose passwords that do not contain full names, or the same number sequentially. This ensures that passwords are complex and more difficult for hackers to cr ack. Passwords should also be accompanied by security questions selected by the employee, and a CAPTCHA or reCAPTCHA to prove that the application is being accessed by a human and n ot a robot or computer. Denying Inte rnet a ccess from the POS. As convenient as it may be to access the internet when using the POS terminals, the restri ction will offer another level o f cyber protection. Accessing the internet on the POS will leave the system vulnerable threats like viruses and other malware (Feinstein, 2017) . Retailers should only allow IT support to access the Internet on the POS if it is necessary to complete an authorized task. Any violations made by a member of IT or an other department must be documented by Human Resources. Retail ers are recommended to monitor all activity on the POS systems through exception -based reporting and Closed Circuit Television (CCTV). All it takes is one employee selecting a malware -infested website to sabotage a business’ success and destroy its reputat ion. Disable remote access. Hackers are becoming increasingly savvy when it comes to breaching POS systems through remote access. Although retailers may see it useful and convenient to allow IT employees to remote access into workstations when they are unavailable to make a physical appearance , by doing so they are placing the POS at risk of a breach. Remote access can provide hackers with the opportunity to gain access to networks, retrieve sensitive 31 information about the business or customer database, and delete IT’s remote access to the POS network. Whitelisting. Another layer of protection that retailers should implement to protect POS systems is application whitelisting. Whitelisting determines which applications are allowed to run on a workstation. It is an effective method of stopping unwelcome programs including viruses, malware programs, P2P file sharing , and prevent interruption of business operation (Rouse, Application Whitelisting, 2017) . On the other hand, it can also prevent trusted applications that have not yet been added to the authorized application list. It is important that the IT department update the list frequently to ensure no issues are encountered when accessing authorized applications. Users sometim es perceive whitelisting as a nuisance because they have to contact IT to approve an application before being to access it. This can be time -consuming if there are a lot of requests that need approval . Encryption and tokenization . When payment card information is in transit, encryption provides a good method of protection. Encryption c an protect card numbers from hackers. In a retail setting , encryption can prove to be very useful when safeguarding customer payment card information . Tokenization prov ide s protection of payment cards when they are in use or dormant. Card numbers are replaced with an exclusive token ID during the checkout process . By using encryption, retailers can prevent customer card information from being stolen by hackers at a late r date because the information is no longer available in their system. It is recommended that retailers employ both encryption and tokenization to protect all payment card information that passes through their POS systems. Implement an encryption method th at encrypts card information during entry and only decrypts the information when once it arrives at the POS device. 32 Physical security of d evices . This method of POS protection may seem simplistic, but it is important nonetheless. By physically securing all POS systems including stationary devices and portable or mobile devices. It is recommended that retailers install cameras over stationary POS systems, these cameras can prove useful in the event of a law enforcement investigation or company investigation. It is also recommended that IT assign and keep records of employees who have access to portable or mobile devices. Any lost devices should be reported to the IT department immediately. Employees should also be documented for losing or damaging POS devices . If these devices land in the hands of a hacker, there is a good chance that the retailer will experience a cyberattack shortly after. Vulnerabi lity testing. Testing POS systems can identify several cybersecurity factors. These factors include identifying points of attack, tactics used by the hackers, and detect vulnerabilities. The results of the testing will be analyzed and then be used to prevent future atta cks on POS systems. Retailers are encouraged to hire security experts to conduct the POS penetration testing. The testing should include the following steps: plan a course of action, set a goal, gather available information on the POS system being tested, identify vulnerabilities, practice penetrating the system, and study the results. Retailers should require the IT department to work closely with the security experts. They should take notes on the POS penetration testing, and incorporate the findings in c yberattack prevention methods. Establish a POS p olicy . It can be difficult to determine how to protect a POS system without a policy to provide direction. These guidelines should be used to educate employees as to what is acceptable and unacceptable when c onducting POS activities. It is recommended that POS policies include approved and restricted POS functions, such as whether or not employees can access the internet on the POS, policy requirements including assignment of mobile POS 33 devices, POS processes, best practices , and consequences of violating POS policy. Require all employees to sign off on the policy, this sign off will serve as proof of receipt and acknowledgment of what is expected. The policy should be maintained and updated regularly, holding employees accountable for out of date can potentially cause issues for retailers. It is suggested that retailers consult the NIST framework when creating or updating a POS policy. Invest in t raining . More often than not people, specifically employees are t he weakest link in the chain of security (Symantec Corporation, 2015) . Every successful program relies heavily on employee training. Retailer businesses need to promote employee awareness and training programs on information s ecurity. A best practice is to cross -train employees in general IT security and personal IT security. Employees need to have a good understanding of security at the business and personal level in order to assist in the protection against cyberattacks . The Queens School of Business and by the Gallup Organization reported that detached employees used 37% more days off, had 4 9% more accidents, and made 60% more errors than employees who were actively engaged with their employer (Seppala & Cameron, 2015) . The businesses that scored low on employee engagement , were 18% less productivi ty, 16% less lucrative , had 37% less potential for career growth, and 65% lower share price over a period of time (Seppala & Cameron, 2015) . Employees who lack loyalty the business are usually more stressed and significantly contribute to the turnover rate through either termination or resignation. They look for opportunities outside of their current employer to fill the void in their work life. Neutralize third -party r isk . Hackers are targeting the IT supply chain and partne r network more frequently as a result of stronger network boundaries. Retail businesses need to evaluate the risk posed by third -party vendors. In order to neutralize third -party risk and because 34 self -documentation processes are less dependable, retailers are urged to use active cyber threat monitoring and mitigation from third parties (Symantec Corporation, 2015) . Leverage the NIST F ramework . The NIST Cybersecurity Framework incorporates cybersecurity methods that have been es tablished by the National Institute of Standards and Technology (NIST) and the International Standardization Organization (ISO) (Symantec Corporation, 2015) . The Framework consists of a risk -based list of rules and delivers organizations with an assessment tool intended to help them define their current cybersecurity capabilities, set goals and create a plan for refining and sustaining cybersecurity policies and procedures (Symantec Corporation, 2015) . Cybersecurity is referred to as “risk management” in the Framework. The Framework may also provide potential standards for future legal rulings regarding cybersecurity. Retail businesses that embrace the Framework may find themselves in a better posi tion to conform to future cybersecurity and privacy protocols (Symantec Corporation, 2015) . Commit to ongoing investment . Retail businesses are generally behind in information security protection policies and procedures. This is mainly due to the focus on driving productivity and sales. Making the sales plan for the day, week, and year is the primary goal. As a result, the need to cut costs and make a profit against slim margins prompts retailers to only implement very basic PC I standards (Symantec Corporation, 2015) . According to a survey from the PricewaterhouseCoopers 2015 Global State of Information Security, only 3.7 percent of the IT budget represents information security (Symantec Corporation, 2015) . It is imperative that retail businesses get ahead of the cyber threats and make a lasting commi tmen t to ongoing investment in their information security . 35 Insurance against a Cyberattack . Having a cyber insur ance policy that covers diffe rent cyber -related incidents is vital to any cyber risk management approach . What is cyber insurance? It's insurance that provides business' liability coverage for any breaches involving private customer information such as social s ecurity numbers, credit/debit card numbers, account numbers, and driver's license numbers ( Nationwide Mutual Insurance Company., 2017) . General liability insurance is usually limited to physical injuries and property damage , and does not include protection for cyber -related incidents. The following information regarding cyber insurance is provided by Nationwide Insurance. Cyber insurance covers the following:  Legal fees and expenses  Informing customers of a data breach  Restoring the identities of customers affected by a breach  Regaining breached information  Fixing compromised computer systems The coverage for cyber -related incidents will vary slightly from one insurance company to another. Nationwide provides three types of cyber insurance: 1. Data compromise protection , which covers credit mon itoring . 2. Identity recovery protection , which covers identity fraud and credit repair . 3. CyberOne protection , which covers damage caused by a virus or computer attack, and data restoratio n costs . Retail businesses may find themselves in litigation and experience significant loss in profits as a result of a cyberattack . By implementing a decent insurance policy , the retailer can save themselves from litigation and minimize overall loss. The type of insurance policy and insurance 36 premium depends on the goods and services sold, the current state of their information security, vulnerabilities, annual revenue, and privacy regulations (Symantec Corporation, 2015) . Retailers are encouraged to shop around for a cyber incident policy before making a final decision . There are also insurance companies that strictl y specialize in cyber insurance such as Root9B, RSA, IBM Security, Dell SecureWorks, and Palo Alto Networks. Building Industry Partnerships Retailers can learn a lot from one another’s experiences. Retail businesses better protect themselves against attacks by building relationships with fellow retailers, sharing details of attacks and teaming up with industry st akeholders (Symantec Corporation, 2015) . The Retail Cyber Intelligence Sharing Center (R -CISC) and the Information Sharing and Analysis Center (ISAC) are two main organizations that support sharing of information between retai lers. The National Retail Federation (NRF) established a Retail Cyber Intelligence threat alert system in conjunction with the Financial Services Information Sharing and Analysis Center (FS -ISAC) and the U.S. Department of Homeland Security in order to ass ist information sharing between retailers (Symantec Corporation, 2015) . The information shared can create new cybersecurity policies and procedures that will prevent future attacks. Comparison of the Findings to Other Studies When compared to other studies, this paper has a much broader coverage of cybersecurity threats in the retail industry. The purpose of these findings is to provide a general understanding of the cyber threats that can easily cause damage and harm to retail businesses. The information provided in this paper is not specific to one retailer. The information was collected from many different reports and articles regarding multiple retail businesses that were victims of cyberattacks . 37 Limitations of the Study Limitations of the study include lack of information reported by compromised retail businesses. Retail businesses selectively choose what to share with the media and the public regarding their cybersecurity policies, procedures, and encounters. As can be ex pected, highly sensitive and private customer information is kept from the public, and therefore this study lacks in detail pertaining to the retailers acknowledged. Th e statistics presented in this study were collected from a small sample of retail busine sses that experienced a highly publicized cyberattack. The study was not authorized by any of these retail businesses and was not privy to specific facts involving names, costs, and productivity. 38 RECOMMENDATIONS Establish IT Governance IT governance is a management process that outlines decision rights, ensures risk tolerance is involved in decision making , and offers a method of measuring expectations through a compliance process (Microsoft, 2008) . Before any decisions can be made the governance structure and process must be determined. This will name the designated retail business and IT representatives who will be solely responsible for making decisions and held accountable for any issues that may arise. The determination of initiatives and devices will ultimately be the result of governance activities. IT governance will also offer an environment in which employees can appreciate and understand the benefits of a governance program (Microsoft, 2008) . Establishing IT governance includes the following steps:  Setting vision . This step establishes the governance structure for IT and generates decision -making power and culpability. The business will create clear and concise goals, adopt requirements from appropriate standards and regulatory bodies, determine risk tolerance, outline performance indicators, and create a method of measuring progress (Microsoft, 2008) . The business will also create a setting for governance act ivities, determine policies, communication plans, risk management plans, liability for governance decisions. In this step , the business will produce an IT governance contract and name an owner (Microsoft, 2008) .  Partnering IT w ith the business . This step will also decide if overall governance and IT governance is the right fit for the business. If it is not a good fit, IT governance will feel the consequences. Retailers will map out business -oriented goals, management mandates, respective owners, legal interpretation requirements, compliance requirements, identify 39 governance committee members meetings, and clearly defined roles and responsibilities (Microsoft, 2008) .  Classify regulations and standards . The business must inspect and properly implement these regulations and standards. The business must specify regulatory requirements, require IT analysis of IT service management frameworks, identify IT competenc ies and restraints, and as mentioned earlie r, implement a governance framework that signifies the least organizational burden for the maximum benefit to productivity, proficiency, compliance, and alignment with the business needs (Microsoft, 2008) .  Create a policy . Esta blishing a policy helps guide employees to exemplify the desired behaviors. The business must determine the processes that need explicit performance measures defined by policy, document and communicate policy , identify non -compliance or other situations wh ere they have responded less than adequately, and put policy into practice (Microsoft, 2008) . The business should also consult the legal department regarding the proposed policy to ensure that no laws are broken. The policy mus t be clear, concise, and easily understood by all employees. The policy should use common terms and concepts , but incorporate basic cybersecurity keywords. Invest in Training Instruct employees not to share personal information in email communications, unsolicited phone calls, or text messages. Instruct employee s to refrain from entering personal information in pop -up windows when using the internet. Employers need to update al l security software and other software programs on a regular basis (Symantec Corporation, n.d.) . Educate employees on safe computer and internet practices . Computer knowledge and security var y from person to person. Therefore, it is important to provide the same amount of training to all employees . Not 40 only do employees need to be trained, but they also need to be recognized for learning the skills and practicing them in the workplace. Employees need to be reminded of their valu e, and need to feel appreciated by the companies that they work for. Angry and disgruntled employees are much more likely to pose a security concern than employees who are happy with their job and employer . Make trai ning interactive and fun, will encourage employees to participate in group discussions, and even prompt them to share their own ideas. Cyber Security Best Practices Train employees to contact the IT department immediately if they receive any suspicious phone calls. Hackers will pose as IT in attempt to trick employees into installing malware , or convince them to share confidential information as fuel for cyberattacks . Remind employees to be careful not to leak intellectual property. Even if the leak is accidental, it can cause severe repercussions. Instruct employees to be mindful when sharing pictures that reveal sensitive information on any visual boards or computer screens. If these boards or screens may be visible to outsiders. Have employees report any warnings from Internet secu rity software to IT as soon as possible. IT may not be aware of all threats that occur. Require employees to inform the IT department when they are traveling, especially if they are going to be using public wireless Internet . Ensure employees are knowled geable in using the company’s Virtual Private Network (VPN), (Symantec Corporation, n.d.) . Educate employees not to click on links open attachments in emails from unknown senders. Phishing emails trick employees into who open t hese links or attachments without verifying their legitimacy. As a result, employees create an opening that leaves the company vulnerable to malware. Train employees contact your IT department if they are unsure about an email’s 41 legitimacy. Also , instruct employees to refrain from even opening emails from senders that are unfamiliar. This way they are a not tempted to open any links or attachments. Online Activities Stealing intellectual property and sharing company secrets is generally against company policy and procedures. However, employees should still be instructed not to steal or share any company information. The business may even track the use of their documents, and therefore employees’ activities are private. Consult current Acceptable Electronic Use (AEU) policy, and refer to the instructions on safe use of devices. If the business does not have a current AEU policy, they should partner with IT to create and implement one immediately. The more time spent without an AEU is more time that employees are left without guidelines to follow when using devices. Consult the IT department before backing up devices to cloud services, and request a list of authorized cloud solutions (Symantec Corporation, n.d.) . Ensure t hat cloud services are also a part of the AEU. Require the IT department to research existing, successful AEU’s at other retail businesses. Instruct them to create a visual illustrating the pros and cons of the differing AEU’s. Once all options have been d iscussed, draft an updated AEU and communicate it company -wide. Best Practices for Contacting IT Support When in doubt, call IT. Many times an unassuming computer update can snowball into a malware infection. Require employees to seek permission to use personal devices. IT department must determine if the device is allowed to access and upload sensitive, corp orate information. Require employees to only use authorized applications when accessing corporate documents.

Educate employees on the process of allowing IT to connect to their workstation. By doing this, time will be saved when IT assistance is needed to resolve an issue. Educate employees on basic 42 computer hardware terms (Symantec Corporation, n.d.) . This way IT can identify the root of the problem faster. Neutralize Third -Party R isk The business must create a master list of all third -party affiliates. Next , they should partner with the IT department to measure the risk posed by each third party. Prior cybersecurity breaches involving any of the third parties should be taken into accou nt. In addition to the third parties’ prior history, a list of potential vulnerabilities in regards to protection of data and billing method for services should be considered. By mapping out the past and future interactions with third -party affiliates, the business can be better prepared to respond to a third -party breach of security. This will save time and money. The business will ultimately determine whether the risk is worth working with these third -parties. How to Use the NIST Framework It is recommen ded that the business utilize resources found on the NIST's Framework website in order to assist IT decision makers. The Framework is not intended to replace any current cybersecurity processes. The business can use its existing process in conjunction with the Framework to find holes in its existing cybersecurity approach and create a plan for improvement. The next sections present different methods in which businesses can use the Framework to create or improve their cybersecurity. Establish or Improve a Cybersecurity Program based on the Cybersecurity Framework Step 1: Prioritize and Scope. In this step , the business must determine mission objectives and high -level priorities (National Institute of Standards and Technology, 2014) . Step 2: Orient. After the general structure of the cybersecurity program has been created the business will determine relative systems and assets, regulatory requirements, and risk 43 management. Then the business will identify cybersecurity threats, weaknesses of the systems and assets (National Institute of Standards and Technology, 2014) . Step 3: Create a Current Profile. In this step , the business will create a Current Profile by demonstrating which Category and Subca tegory outcomes from the Framework Core are presently being accomplished. Step 4: Conduct a Risk Assessment. The assessment needs to be based on the business’ general risk management process or former risk assessment practices (Na tional Institute of Standards and Technology, 2014) . The business will evaluate the working environment to determine the probability of a cybersecurity incident and the effect that the incident would potentially have on the business. Step 5: Create a Target Profile. The business will build a Target Profile that concentrates on the evaluation of the Framework Categories and Subcategories explaining the business’ preferred cybersecurity results. The business can also add their own Categories and Sub cat egories to account for additional or exclusive risks. The business may also take into account the requests and guidance of external stakeholders when building a Target Profile (National Institute of Standards and Technology, 2014) . Step 6: Determine, Analyze, and Prioritize Gaps. In this step , the business will compare the Current Profile and the Target Profile in order to identify any disparities. Then the business will generate an action plan to address the disparities, and a cost/benefit examination to accomplish the results in the Target Profile. Next , the business will decide what resources are required to resolve the disparities (National Institute of Standards and Technology, 2014) . Step 7: Implement Action Plan. In this last step, the business will decide what actions to take to address the disparities mentioned in the preceding step. Next , the business will observe its 44 existing cybersecurity procedures against the Target Profile. The busine ss can repeat the steps as many times necessary to continue evaluating and developing its cybersecurity program, (National Institute of Standards and Technology, 2014) . Commit to Ongoing I nvestment The retailer needs to establish a budget strictly for the IT department. The budget needs to incorporate security software, security updates, adequate IT staffing, state of the art devices and workstations. The IT budget should be one of the largest budget s within the retail business. The budget should also account for any damaged devices or resources needed in the event of a cyberattack . Costs incurred from an attack can potentially cost millions of dollars in repairs. The retail business should invest in training courses, such as interactive computer training that illustrate cybersecurity issues employees may encounter. Have experts from currently used tech vendors host in -person training in the conference room every few months. Require the IT department t o host weekly 10 minute meetings, and share current cybersecurity topics or issues. Have the IT department send regular emails including a “fun fact” or one question quiz to test the recipients’ cybersecurity knowledge. Report the results of these quizzes at the weekly meetings. Serve refreshments and hand out prizes at the meet ings to encourage participation . Find ways to motivate employees to participate. Insurance against a Cyberattack It is important for retailers to determine the right cyber insurance policy for their business. The type and amount of coverage should be based on the size of the business, and the goods and services the retailer provides. It is recommended that the C -Suite partners with the IT department to shop for the proper cyber insura nce coverage. Request consultations with each of the cyber insurance companies , and ask for information on each of the policies they offer . 45 Consider how long the insurance company has been in operation , and the size of their client base . If possible ask fo r a list of retailers on their client list. Require the IT department to research the pros and cons of each insurance company and their cyber policy. Narrow the down the options by presenting all findings to the Board of Directors and the rest of the C -Suite members, and take a final vote. Benefit Through Industry P artnerships In order to fully understand the current cybersecurity issues in the retail industry, the business must be aware of the experiences of their fellow retailers. The best way to learn is through other people’s mistakes. Most retailers will refrain from sharin g intimate details about their cybersecurity incidents, however by building a relationship and gaining their trust an open line of communication can be established. The Retail Cyber Intelligence Sharing Center (R - CISC) and the Information Sharing and Analy sis Center (ISAC) are two leading organizations that support sharing of information between retailers. The business should also particip ate and become an active member of these organizations and require the IT department to monitor and reference these two organizations for current cybersecurity retail news. The Retail Cyber Intelligence Sharing Center (R -CISC) provides education, training, an information , and analysis center, research and strategic support. According to the R -CISC retailers are stronger tog ether, (Retail Cyber Intelligence Sharing Center, 2016) . The R -CISC shares the following information:  Incident (who, what, where)  Threat Actor  Course of Action  Campaign (motive) 46  TTP ( Tactics, techniques, or procedures)  Observables  Target Exploit  Indicators (Retail Cyber Intelligence Sharing Center, 2016) Information Sharing and Analysis Centers (ISACs) assist retailers in cyber and physical security threats. ISACs gather, examine and distrib ute cybersecurity threat information to their members and give members tools to alleviate risks and improve resiliency ( National Council of ISACs, 2017) . Retailers should re quire their IT department to report any news or upda tes from the ISACs on a weekly basis. The IT department should also be required to propose action plans to deal with any new cyber threats that are found by the R -CISC and the ISACs. These plans should be reviewed and approved by the C -suite and Board of D irectors. 47 CONCLUSION Retail businesses need to be aware of cybersecurity threats in the retail industry, in order to select a strong security system and mitigate potential threats. The constant evolution of devices and online services are redefining the way that consumers shop. While it is necessary for businesses to adopt innovative payment methods to compete with other retailers, they must also keep up with the increasingly complex cyber threats . Retailers need to bridge the gap between IT security, technology, staffing and retail experience in order to remain relevant and successful . Retailers are advised to hire cybersecurity experts and service providers that deliver strong security solutions that meet their specific needs . Retailers c an minimize the total loss to their business and maintain the trust of their customers by b uilding strong partnerships with fellow retailers, strong cybersecurity methods, and risk management strategies . There i s no one way to prevent or mitigate future cybersecurity threats. The solution lies in the combination of IT governance, training, neutralization of third -party risk, use of the NIST Framework, and commitment to invest in the cyberse curity program. Retail employees are the first line of defense against an attack. They must be educated regularly on the risks of cybersecurity events and how they impact their employment, productivity, wages , and success of the overall business. Without proper training employee s are left in the dark, not knowing the dangers of a cyberattack and the lasting d evastation it can leave behind. The responsibility is not solely in the hands of the employees, but also the retail business itself to protect against any breach of informati on. 48 REFERENCES Beetoobi IT Solutions. (2017). Ransomware Infects Hosting Company; Decryption Costs A Million Dollars . Retrieved from Beetoobi IT Solutions: https://www.beetoobi.com/2017/07/06/ransomware -infects -hosting -company -decryption - costs -a-million -dollars/ Foresite MSP, LLC. . (2016, August 23). WHAT IS CRIMEWARE? Retrieved from Foresite: https://www.foresite.com/blog/what -is-crimeware -2/ National Counc il of ISACs. (2017). Home . Retrieved from National Council of ISACs: https://www.nationalisacs.org/ Nationwide Mutual Insurance Company. (2017). Cyber Liability Insurance . Retrieved from Nationwide: https://www.nationwide.com/what -is-cyber -insurance.jsp Ab endan, O. (2011, May 19). PALEVO Worm Leads to Info Theft, DDoS attacks . Retrieved from Trend Micro: https://www.trendmicro.com/vinfo/us/threat -encyclopedia/web - attack/104/palevo -worm -leads -to-info -theft -ddos -attacks Ankeny, J. (2017, February 13). 3 Trend s Shaping Retail Cybersecurity in 2017 . Retrieved from Retail Dive: http://www.retaildive.com/news/3 -trends -shaping -retail -cybersecurity -in- 2017/435868/ Ashford, W. (2017, June 2). Kmart cyber attack highlights PoS vulnerabilities. Retrieved from ComputerW eekly.com: http://www.computerweekly.com/news/450420059/Kmart -cyber - attack -highlights -PoS -vulnerabilities#.Wb23lt3ly7A.email Bisson, D. (2016, June 20). Acer to notify customers of online store data breach. Retrieved from Graham Cluely: https://www.grahamc luley.com/acer -customer -data -breach/ Brittain, J. (2017, April 27). Fundamentals of Credit Card Skimmer Fraud . Retrieved from LPM Insider: http://losspreventionmedia.com/insider/retail -fraud/the -fundamentals -of-credit - card -skimmer -fraud/ Cisco. (n.d.). Wha t Is a Firewall? Retrieved from Cisco: https://www.cisco.com/c/en/us/products/security/firewalls/what -is-a-firewall.html Conner, B. (2017, January 23). Be Prepared for These Retail Cybercrime Trends in 2017 . Retrieved from Total Retail: http://www.mytotalr etail.com/article/be -prepared -for -these - retail -cybercrime -trends -in-2017/ Corso, J. (2017, May 19). Judge Approves $5.2M Kmart Breach Settlement With Caveat. Retrieved from Law360: https://www.law360.com/articles/926315/judge -approves -5-2m - kmart -breach -set tlement -with -caveat CRN. (2010, June 25). Asprox Botnet Causing Serious Concern. Retrieved from CRN: https://www.crn.com.au/news/asprox -botnet -causing -serious -concern -217775 49 Enigma Software Group USA, LLC. . (2017). H-Worm. Retrieved from Enigma Software: https://www.enigmasoftware.com/hworm -removal/ Feinstein, E. (2017). Five Ways To Protect Point Of Sale Stations And Networks From Cybercrime. Retrieved from Point of Sale: https://pointofsale.com/On -Managing/Five - Ways -to-Protect -Point -of-Sale -Stations -and -Networks -From -Cybercrime.html FireEye, Inc. . (2015). CYBER THREATS TO THE RETAIL AND CONSUMER. Retrieved from Fire Eye: https://www.fireeye. com/content/dam/fireeye -www/global/en/solutions/pdfs/ib - retail -consumer.pdf Franko, M. (2017, July 13). Web Attacks in Retail Environments . Retrieved from Secure State: https://www.securestate.com/blog/2017/07/13/web -attacks -in-retail -environments Furlow, C., & Disparte, D. (2017, May 16). The Best Cybersecurity Investment You Can Make Is Better Training. Retrieved from Harvard Business Review: https://hbr.org/2017/05/the - best -cybersecurity -investment -you -can -make -is-better -training Haq, T., & Moran, N. (20 13, September 24). Now You See Me - H-worm by Houdini. Retrieved from FireEye: https://www.fireeye.com/blog/threat -research/2013/09/now -you -see -me -h- worm -by -houdini.html Haymarket Media, Inc. (2017). Children's National Health System breached, data of 4K patients compromised. Retrieved from SC Media: https://www.scmagazine.com/childrens - national -health -system -breached -data -of -4k -patients -compromised/article/529683/ Imano, S. (2011, March 11). Trojan.Koredos Comes with an Unwelcomed Surprise. Retrieved from Symantec: https://www.symantec.com/connect/blogs/trojankoredos -comes - unwelcomed -surprise Intel Corporation. (2016). Strengthen POS Security from Transaction to Data Center. Retrieved from Intel: https://www.intel.com/content/dam/www/public/us/en/documents /solution - briefs/strengthen -pos -security -from -swipe -to-bank -with -an -end -to-end -pos -strategy - brief.pdf Koo, J. (2017, May 23). Kmart $5.2M Breach Bank Class Settlement Moves. Retrieved from Bloomberg Law: Privacy & Data Security: https://www.bna.com/kmart -52m -breach - n73014451394/ Masunaga, S. (2017, May 23). Target will pay $18.5 million in settlement with states over 2013 data breach. Retrieved from Los Angeles Times: http://www.latimes.com/business/la -fi- target -credit -settlement -20170523 -story.html McCoy, K. (2017, May 23). Target to pay $18.5M for 2013 data breach that affected 41 million consumers. Retrieved from USA Today: https://www.usatoday.com/story/money/2017/05/23/target -pay -185m -2013 -data -breach - affected -consumers/102063932/ 50 McCoy, K. (2017, May 2 3). Target to pay $18.5M for 2013 data breach that affected 41 million consumers . Retrieved from USA Today: https://www.usatoday.com/story/money/2017/05/23/target -pay -185m -2013 -data -breach - affected -consumers/102063932/ McGlasson, L. (2007, December 4). TJX , Visa Agree to $40.9 Million Payout for Data Breach . Retrieved from Bank Info Security: https://www.bankinfosecurity.com/tjx -visa -agree -to- 409 -million -payout -for -data -breach -a-648 Microsoft. (2008, April 25). Process 1: Establish IT Governance . Retrieved from TechNet: https://technet.microsoft.com/en -us/library/cc531021.aspx National Institute of Standards and Technology. (2014, February 12). Framework for Improving. Retrieved from NIST Cybersecurity Framework:

https://www.nist.gov/sites/default/files/docu ments/cyberframework/cybersecurity - framework -021214.pdf NSFOCUS. (n.d.). Distributed Denial -of-Service Attacks: An Economic Perspective. Retrieved from Infosecurity Europe:

https://www.infosecurityeurope.com/__novadocuments/264689?v=63607547475890000 0 Pepi tone, J. (2014, January 12). 5 of the biggest -ever credit card hacks . Retrieved from CNN Tech: http://money.cnn.com/gallery/technology/security/2013/12/19/biggest -credit -card - hacks/3.html Pilici, S. (2017, June 27). How to remove Zeus Virus from Windows (2 017 Help Guide). Retrieved from Malware Tips: https://malwaretips.com/blogs/zeus -trojan -virus/ Retail Cyber Intelligence Sharing Center. (2016). The Cybersecurity Resource for the Retail Industry . Retrieved from R -CISC: https://r -cisc.org/ Rouse, M. (2015, January). POS malware (point -of-sale malware) . Retrieved from Tech Target: http://whatis.techtarget.com/definition/POS -malware -point -of -sale -malware Rouse, M. (2017, August). Antivirus Software (antivirus program). Retrieved from TechTarge t: http://searchsecurity.techtarget.com/definition/antivirus -software Rouse, M. (2017, January). Application Whitelisting. Retrieved from TechTarget: http://searchsecurity.techtarget.com/definition/application -whitelisting Ruff, C. (2017, February 13). 5 N umbers to Know About Retail Cybersecurity. Retrieved from Retail Dive: https://www.retaildive.com/news/5 -numbers -to-know -about -retail - cybersecurity/435682/ Savvas, A. (2007, April 02). TJX hack the biggest in history. Retrieved from ComputerWeekly.com: htt p://www.computerweekly.com/news/2240080607/TJX -hack - the -biggest -in-history 51 Seals, T. (2017 , March 13). Home Depot to Pay $27.25m in Latest Data Breach Settlement . Retrieved from Info Security: https://www.infosecurity -magazine.com/news/home -depot - to-pay -2725m/ Seals, T. (2017, March 13). Home Depot to Pay $27.25m in Latest Data Breach Settlement. Retrieved from Infosecurity Group: https://www.infosecurity -magazine.com/news/home - depot -to-pay -2725m/ Seppala, E., & Cameron, K. (2015, December 1). Proof That P ositive Work Cultures Are More Productive. Retrieved from Harvard Business Review: https://hbr.org/2015/12/proof -that - positive -work -cultures -are -more -productive Symantec Corporation. (2014). Attacks on point -of-sales systems. Retrieved from Symantec: https ://www.symantec.com/content/dam/symantec/docs/white -papers/attacks -on -point - of-sale -systems -en.pdf Symantec Corporation. (2015). Cyber Security for Retail Services. Retrieved from Symantec: https://www.symantec.com/content/dam/symantec/docs/white -papers/cy bersecurity - retail -en.pdf Symantec Corporation. (2015). Cyber Security for Retail Services: Strategies that Empower your Business, Drive Innovation, and Build Customer Trust. Retrieved from Symantec: https://www.symantec.com/content/dam/symantec/docs/white -papers/cybersecurity - retail -en.pdf Symantec Corporation. (n.d.). Cyber security best practices for employees . Retrieved from Norton: https://us.norton.com/internetsecurity -how -to-cyber -security -best -practices -for - employees.html Techopedia Inc. (2017). Cri meware . Retrieved from Techopedia: https://www.techopedia.com/definition/4258/crimeware Techopedia Inc. (2017). Dark Web . Retrieved from Techopedia: https://www.techopedia.com/definition/31562/dark -web Techopedia Inc. (2017). Denial -of-Service Attack (DoS) . Retrieved from Techopedia: https://www.techopedia.com/definition/24841/denial -of-service -attack -dos Vollmer, S. (2015, January 14). How to protect against the 9 most common cyber -attacks . Retrieved from CGMA Magazine:

https://www.cgma.org/magazine/2015/j an/201511624.html Zadelhoff, M. v. (2016, September 19). The Biggest Cybersecurity Threats Are Inside Your Company . Retrieved from Harvard Business Review: https://hbr.org/2016/09/the -biggest - cybersecurity -threats -are -inside -your -company