Survey: Retail IT Professionals’ Confidence in Cyber Security Capabilities Increases as Data Breaches Rise
One-third of retail IT professionals say a data breach has occurred at their company
PORTLAND, Ore. – April 26, 2016 – Tripwire, Inc., a leading global provider of end point protection, security and compliance solutions, today announced the results of its 2016 retail cyber security survey. Conducted by Dimensional Research, the survey evaluated the attitudes of over 200 IT professionals in the retail sector and compared their responses to a similar survey Tripwire conducted in 2014.
According to a report by Arbor Networks, it takes retailers an average of 197 days to detect advanced threats on their networks. However, Tripwire’s 2016 survey found that ninety percent of the respondents believe they could detect a data breach on critical systems in one week or less. In 2014, seventy percent of respondents believed they could detect a breach in one week or less.
“Unfortunately, these results indicate that we can expect retail breach activity to continue in the future,” said Tim Erlin, director of IT security and risk strategy. “The increase in confidence connected with speed of breach detection is particularly surprising, especially in combination with partial implementation of detection tools. Together these results indicate while retail organizations might feel better about their cyber security capabilities, there’s still a long way to go to close the gap between initial compromise and detection.”
Additional findings from the study include:
- Seventy-five percent of the 2016 respondents believed they could detect a breach within 48 hours, compared with forty-two percent in 2014.
- Retail data breaches involving personally identifiable information (PII) have more than doubled since 2014. When asked if a data breach occurred at their organization where PII was stolen or accessed by intruders, one-third (thirty-three percent) of the respondents said, “yes,” compared with fourteen percent in 2014.
- Implementation of breach detection technology has remained flat. In both 2014 and 2016, fifty-nine percent of the respondents said their breach detection products were only partially or marginally implemented. Both surveys defined breach detection as anti-virus software, intrusion detection systems, malware detection, whitelisting and file integrity monitoring.
- Companies with larger revenues monitor configuration parameters on critical payment assets less frequently. Sixty-five percent of respondents working for organizations with revenues of less than $100 million check their compliance at least weekly, while only fifty-five percent of respondents at organizations with revenues of more than $100 million answered similarly.
Trend Micro recently reported that malware that affects point-of-sale (POS) systems grew sixty percent in the third quarter of 2015 alone. According to Verizon’s 2015 Data Breach Investigations Report, attacks on POS systems continue to be the top source of confirmed data breaches.
Erlin continued, “Partially implemented tools are a serious liability for information security. Organizations need to move from a checkbox approach to measuring gaps in their security coverage. If you’re not monitoring one hundred percent of your endpoints, you’re leaving room for attackers to gain a foothold.”
Dwayne Melançon, chief technology officer for Tripwire, will be speaking about retail breaches and how to restore trust after a breach at the 2016 Retail Cyber Intelligence Summit. The summit will take place April 25-26, 2016, at the Hyatt Regency in Chicago, Illinois.
For more information on the survey, please visit: http://www.tripwire.com/company/research/tripwire-2016-retail-security-survey/.
Tripwire is a leading provider of endpoint detection and response, security, compliance and IT operations solutions for enterprises, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at tripwire.com/blog or follow us on Twitter @TripwireInc.