British retailers can learn lessons from US identity hack

A senior security executive has said that British retailers can learn lessons from the biggest identity hack case ever' - where 130 million credit and debit card numbers were stolen.

Chris Young, vice president for products at RSA, told IT PRO that retailers should not simply plug holes that they've seen in previous attacks, but rather get in front of the problems by identifying risk and putting policies in place.

"It's dangerous to chase incidents, if you are a retailer or anything else," he said. "What retailers need to do is learn from the incidents that have happened, but it's really about taking a step back and figuring out where do you have you greatest sources of risk.

One technology that companies were already using to protect data was enterprise-wide key management', where the right information was encrypted and the keys to it managed centrally.

He said that in many cases he was seeing retailers going a step further, such as with data-masking', where sensitive information was replaced with realistic false information.

Technology like this is used more in the UK and US, which Young said was due to the "size of the economies" that made retailers located there bigger targets. Also, the use of credit was much more pervasive there than around the world.