| The purpose of this study was to assess the risk of the most significant cyber attack threats to retail and financial organizations in order to determine where vulnerabilities exist. Threat assessments are the first step in assessing the risk of cyber attacks by hackers. There are three categories that threats originate from, the system architecture, system user and third party vendors. To accurately assess an organization's risk, each category must be analyzed. Regulatory laws and compliance methods have been established to guide organizations, however, the constantly evolving threats have proven to be a barrier to these organizations maintaining compliance. When a retail or financial organization has assessed all viable threats, they can determine which threat mitigation strategies best fits their needs. While some strategic advice is free, many strategies that are offered require membership fees based on a percentage of an organizations revenues (e.g. Financial Services Information Sharing and Analysis Center). Information sharing with safeguards for protecting consumers privacy and a stream-lined method for updating and maintaining compliance standards will help retail and financial organizations stay abreast of the cyber attack threat and maintain consumers trust. Retail and financial organizations can further protect themselves, system users and third party vendors by having a procedure in place for when and how their system can be accessed. Any activity occurring outside of this plan should alert the IT staff. All retail and financial organization staff that are responsible for the security of sensitive data need to be educated on the threat of cyber attacks and the resources at their disposal for mitigating these threats.;Keywords: Cybersecurity, Paul Pantani, Dr. Joe Adams, PCI-DSS, ISO, audits, DBIR. |
