|[June 25, 2014]
U.S. Retailers Overconfident in Cybersecurity Controls
PORTLAND, Ore. --(Business Wire)--
Inc., a leading global provider of risk-based security and
compliance management solutions, today announced the results of a retail
cybersecurity survey conducted by Dimensional Research and sponsored by
Tripwire (News - Alert). The survey evaluated the attitudes of 154 retail organizations
on a variety of cybersecurity topics.
Industry research indicates most breaches go undiscovered for weeks,
months or even longer. The 2014
Trustwave Global Security Report reveals that retail is the top
target for cybercriminals, comprising 35 percent of the attacks studied.
2014 Threat Report indicates that the average time required to
detect breaches was 229 days. The report also states that the number of
firms that detected their own breaches dropped from 37 percent in 2012
to 33 percent in 2013. The 2014
Verizon Data Breach Investigations Report indicates that 85 percent
of point-of-sale intrusions took weeks to discover, and 43 percent of
web application attacks took months to detect.
Despite these findings, U.S. retail firms are confident in their ability
to detect data breaches, according to the Tripwire survey. When asked
how quickly their organizations would detect a breach, 42 percent said
it would take 48 hours, 18 percent said it would take 72 hours, and 11
percent said it would take a week.
Thirty-five percent of respondents were "very confident," while 47
percent were "somewhat confident" that their security controls could
detect rogue applications such as those used to exfiltrate data during
"I always say that trust is not a control, and hope is not a strategy,"
said Dwayne Melancon chief technology officer for Tripwire.
"Unfortunately, this data suggests that a lot of retailers are far too
hopeful about their own cybersecurity capabilities. Despite ample
historical evidence that most breaches go undiscovered for months, there
is clearly a significant disconnect between perception and reality, even
though the repercussions for failing to meet the required level of rigor
around cybersecurity has led to the recent removal of retail executives
and board members."
Other key findings include:
70 percent of respondents said that the recent Target (News - Alert) breach has
affected the level of attention executives give to security in their
Online-only retailers were less concerned with the Target breach; only
57 percent said it has increased the level of executive attention.
26 percent of respondents don't evaluate the security of business
partners, such as HVAC contractors who were implicated in the Target
Melancon continued: "On the bright side, recent events have led to
higher-level conversations about information security in the retail
sector. This is a prime opportunity for retail information security
executives to educate their nontechnical peers, advocate for resources
and make substantive progress toward better information security."
For more information about the survey please visit: http://www.tripwire.com/company/research/us-retail-survey/.
Tripwire is a leading global provider of risk-based security and
compliance management solutions, enabling enterprises, government
agencies and service providers to effectively connect security to their
business. Tripwire provides the broadest set of foundational security
controls including security
configuration management, vulnerability
integrity monitoring, log
solutions deliver unprecedented visibility, business context and
security business intelligence allowing extended enterprises to protect
sensitive data from breaches, vulnerabilities, and threats. Learn more
get security news, trends and insights at our award
winning blog http://www.tripwire.com/state-of-security/
or follow us on Twitter (News - Alert) @TripwireInc.
[ Back To Homepage ]