Retailers: Don't be Complacent about Cybersecurity

The magnitude of a threat is felt only when it’s visible; so a cyberthreat is more often than not taken rather lightly. Also it’s hard to understand how devastating a cyberattack can be unless you’ve been a victim. Tripwire (News - Alert), a provider of security solutions highlights the sense of complacency that surrounds cybersecurity in the retail industry.

The Tripwire survey evaluated the attitudes of 154 retail organizations on a variety of cybersecurity topics and revealed that although U.S. retail firms appeared confident in their abilities to detect data breaches, the actual story was different.

Various security and threat reports underscore the fact that most breaches go undiscovered for long periods of time. Most point-of-sale intrusions took weeks to discover while 43 percent of Web application attacks took months to detect. Also, the number of firms that detected their own breaches dropped from 37 percent in 2012 to 33 percent in 2013.

The Christmas cyberattack on Target (News - Alert) Corp is believed to be part of a much broader security breach of a number of U.S. companies. It appears that Target was not the only victim of the attack, but many other companies also suffered during the Christmas sales craze. But how much of a jolt does this actually cause?

The survey report showed executives in bad light, as they failed to implement proper cybersecurity measures, leading to the recent removal of retail executives and board members. Many online-only retailers appeared to feel that the Target breach was not really a concern and was relevant only to the extent of increased executive attention.

In spite of all this, the confidence of retail firms to detect security breaches is amazing. Forty two percent said it would take 48 hours to detect a breach, 18 percent said it would take 72 hours, and 11 percent said it would take a week.

“Unfortunately, this data suggests that a lot of retailers are far too hopeful about their own cybersecurity capabilities,” said Dwayne Melancon, chief technology officer for Tripwire, adding “Despite ample historical evidence that most breaches go undiscovered for months, there is clearly a significant disconnect between perception and reality.”

The bright sport in this otherwise bleak horizon is that recent events have led to higher-level conversations about information security in the retail sector. Hopefully this will create a heightened awareness of cybersecurity and rid retailers of the sense of complacency that they are basking in.