Retail organizations are increasingly outsourcing their security functions to MSSPs, a trend that appears likely to continue in the foreseeable future, according to the "2018 MSSP Benchmark Survey" from the Retail Cyber Intelligence Sharing Center (R-CISC).
Key findings from the R-CISC survey of chief information security officers (CISOs) across 45 retail organizations included:
- Quality of service/service-level agreements (SLAs) was the top MSSP decision-making factor, followed by price/value.
- 92 percent of respondents said the cost of developing and maintaining in-house talent and/or talent engagement and retention challenges were the top reasons for leveraging MSSP services.
- 90 percent choose MSSPs to provide event monitoring for IT infrastructure logs, firewalls and intrusion detection systems (IDS)/intrusion prevention systems (IPS).
- 36 percent expect their MSSP spending to increase, and 15 percent anticipate their MSSP spending will decrease.
- 23 percent expect to use an MSSP for threat intelligence and dark web monitoring services next year.
Cyber risks are evolving, and retail organizations cannot remain static, R-CISC indicated. However, annual managed security services investments can help these organizations keep pace with cyber risks.
Retail Data Breaches on the Rise
Approximately 75 percent of U.S. retailers have experienced a data breach to date, according to a survey of more than 1,200 senior security executives conducted by cybersecurity solutions provider Thales. Comparatively, 52 percent of survey respondents had suffered a data breach as of 2017.
Also, several globally recognized retailers have suffered data breaches this year, including:
- Tarte Cosmetics: This New York-based beauty products company exposed the personal data of 2 million online customers.
- CeX: This U.K. retailer said up to 2 million online customers had their data stolen due to a security breach.
- Kmart: A Kmart breach was discovered in May that involved malware on the company's in-store payment systems.
In addition to partnering with MSSPs, some retailers are taking steps to further reduce the risk of data breaches.
Fifty-three percent of retail IT security professionals have increased their security budget due in part to recent high-profile data breaches, a survey conducted by advanced threat detection solutions provider Tripwire and technology market research firm Dimensional Research revealed. Furthermore, 57 percent of respondents stated their organization's ability to detect and respond to a security breach has improved in the past 18 months.
