Are retailers overconfident when it comes to cybersecurity?
When asked how quickly their organizations would detect a data breach, 42 percent of retailers in a recent survey believed it would take 48 hours. Another 18 percent said 72 hours, and 11 percent believed it would take a week. Yet industry research indicates most breaches go undiscovered for weeks, months or even longer.
That, at least, is according to the sponsor of the study, Tripwire, a provider of security solutions. In a statement, its chief technology officer, Dwayne Melancon, said the survey data "suggests that a lot of retailers are far too hopeful about their own cybersecurity capabilities."
The survey of 154 retailers conducted by Dimensional Research further found that 35 percent of respondents were "very confident," while 47 percent were "somewhat confident" that their security controls could detect rogue applications such as those used to exfiltrate data during data breaches.
But several cybersecurity reports that Tripwire provided gave much more cause for concern:
- The Mandiant 2014 Threat Report indicated that the average time required to detect breaches was 229 days. The same report also found that the number of firms that detected their own breaches dropped from 37 percent in 2012 to 33 percent in 2013.
- The 2014 Verizon Data Breach Investigations Report indicated that 85 percent of point-of-sale intrusions took weeks to discover, and 43 percent of web application attacks took months to detect.
- The 2014 Trustwave Global Security Report revealed that retail is the top target for cybercriminals, comprising 35 percent of the attacks studied.
The retailer survey did find that 70 percent of respondents said that the recent Target breach had affected the level of attention executives give to security in their organizations.
The findings come as another new survey of 750 consumers sponsored by Brunswick Group, a corporate communications firm, found 61 percent of consumers hold retailers responsible for data breaches, not far from the blame placed on criminals (79 percent). Only 34 percent blamed the banks that issue debit and credit cards. About a third (34 percent) said they no longer shop at a specific retailer due to a past data breach issue.
- U.S. Retailers Overconfident In Cybersecurity Controls – Tripwire
- Cybersecurity Retail Survey – Tripwire
- Uncovered: Targets, Methods and Motivations of Cybercrime – Trustwave
- M-Trends 2014: Beyond the Breach – Mandiant
- 2014 Data Breach Investigations Report – Verizon
- Data Breach Survey: Consumers Hold Retailers Responsible, Second Only to Criminals – Brunswick Group
- Interactions Finds 45 Percent of Shoppers Don’t Trust Retailers to Keep Information Safe – Interactions
Are retailers overconfident about their risk levels when it comes to security breaches? What lessons do you think retailers have learned from major breaches that have been made public over the past couple of years?