Retailers are gaining confidence when it comes to handling cybersecurity issues even as data breaches continue to increase. As many as 75% of IT professionals within retail believe their organization would detect a data breach on their critical systems within 48 hours, according to the Tripwire 2016 Retail Security Survey.
The figure represents a huge jump in confidence compared to two years ago, when 42% of respondents expressed confidence about detecting a breach that quickly. In fact, 2014 totals indicated that 20% of retail IT reps had no confidence at all in detecting these kind of breaches, a number that has since shrunk down to just 5%.
The confidence boost illustrates that retailers have become far more aware of the potential cybersecurity problems affecting them. In fact, they are more prone to data breaches today. As of 2016, 33% of retailers have suffered a data breach where personally identifiable information (PII) was stolen or accessed by intruders, more than double the 14% that experienced such breaches in 2014.
Advertisement
“Unfortunately, these results indicate that we can expect retail breach activity to continue in the future,” said Tim Erlin, Director of IT Security and Risk Strategy at Tripwire. “The increase in confidence connected with speed of breach detection is particularly surprising, especially in combination with partial implementation of detection tools. Together these results indicate that while retail organizations might feel better about their cyber security capabilities, there’s still a long way to go to close the gap between initial compromise and detection.”
Implementation Of Breach Detection Tech Remains Flat
Despite the jump in confidence, implementation of breach detection technology has remained flat. In both 2014 and 2016, 59% percent of the respondents said their breach detection products were only partially or marginally implemented. Both surveys defined breach detection as anti-virus software, intrusion detection systems, malware detection, white listing and file integrity monitoring.
“Partially implemented tools are a serious liability for information security,” said Erlin. “Organizations need to move from a checkbox approach to measuring gaps in their security coverage. If you’re not monitoring 100% of your endpoints, you’re leaving room for attackers to gain a foothold.”
Even though retailers with larger revenues have far more information to handle, they actually monitor the configuration parameters on critical payment assets less frequently than their smaller counterparts. While 65% of IT reps working for retailers with revenues of less than $100 million check their compliance at least weekly, only 55% percent of respondents with revenues of more than $100 million said they do so.
