Tripwire shares retail cyber security survey results

Retail shops

Security solutions provider Tripwire has shared results of its 2016 retail cyber security survey.

Tripwire surveyed over 200 IT professionals in the retail sector.

The study found that 90 percent of the respondents believe that they could detect a data breach on critical systems in one week or less. That is an increase from 70 percent reported in the previous survey conducted in 2014.

The Tripwire survey finding makes a huge difference compared with a report by Arbor Networks, which says retailers take an average of 197 days to detect advanced threats on their networks.

“Unfortunately, these results indicate that we can expect retail breach activity to continue in the future,” said Tim Erlin, director of IT security and risk strategy.

“Together these results indicate while retail organizations might feel better about their cyber security capabilities, there’s still a long way to go to close the gap between initial compromise and detection.”

Further, the survey found that 75 percent of the 2016 respondents believed they could detect a breach within 48 hours, compared with 42 percent in 2014.

Tripwire said retail data breaches involving personally identifiable information (PII) have more than doubled since 2014.

When asked if a data breach occurred at their organization where PII was stolen or accessed by intruders, one-third of the respondents said, “yes,” compared with fourteen percent in 2014.

With regard to implementing breach detection technology, in both 2014 and 2016, 59 percent of the respondents said their breach detection products were only partially or marginally implemented.

Both surveys defined breach detection as anti-virus software, intrusion detection systems, malware detection, white listing and file integrity monitoring.

Erlin noted that partially implemented tools are a serious liability for information security.

“Organizations need to move from a checkbox approach to measuring gaps in their security coverage. If you’re not monitoring one hundred percent of your endpoints, you’re leaving room for attackers to gain a foothold.”

[email protected]

Related News

Latest News

Latest News