eBay hack must trigger a sea of change for retail cyber security attitudes

Retail’s approach to cyber security and attacks must change from a reactive attitude to one that is proactive in order to prevent the type of threats that have already infiltrated eBay’s auction site.

Related: eBay’s latest security flaw has been stealing user passwords since February

Fran Howarth, senior analyst specialising in security for Bloor research group, is urging companies to lay down plans far in advance of cyber attacks and not simply react to the attack when it is taking place.

“Reacting to an attack is not enough – we need to see firms taking a more preventative approach when it comes to cyber security,” Howarth said.

A second attack on eBay in a matter of months was uncovered earlier this month and the time it took the retailer to respond is something that Howarth and various others have been worried by.

“The concern behind this is not so much the attack itself, it is how eBay has, or more so, hasn’t handled it. It took them 12 hours to respond after it was initially flagged by a customer and given the attack they suffered earlier in the year this could prove very damaging to the reputation and brand of the business,” Howarth added.

Hackers installed a password harvesting scam on certain auctions on eBay and one user, at the time, told the BBC that he had reported the scam to eBay back in February 2014 with no action actually taken until earlier on this month.

Related: Why your business should practice proactive network security

“For eBay, a lot of questions will be asked of the procedures it implements when it comes to cyber security but hopefully it will also act as a catalyst for other firms to review their policies and ensure better cyber security. Countermeasures need to be developed and deployed that can help organisations defend against even the most advanced attacks,” Howarth added.