Tripwire Survey: 72% of Retailers Lack a Fully Tested Breach Response Plan
Most retailers are unprepared to deal with cyberattacks, according to a survey of 103 IT security professionals from retail organizations conducted by advanced threat detection solutions provider Tripwire and technology market research firm Dimensional Research.
Key findings from the Tripwire-Dimensional Research survey included:
- 82 percent of respondents said their organization is “somewhat prepared” to notify customers about a security breach.
- 35 percent would notify customers about a security breach within 48 hours, and 31 percent would notify customers within 24 hours.
- 28 percent have a fully tested plan in place in the event of a security breach, 51 percent have a plan that has not been tested and 21 percent do not have a plan.
- 23 percent said they are “fully prepared” to absorb potential financial penalties after a security breach.
- 15 percent are fully prepared to manage customer and press communications after a security breach.
Although most retailers are uncertain about how to handle security breaches, many retail organizations are taking steps to enhance their cybersecurity strategies.
Fifty-three percent of IT security professionals noted their organization’s security budget has increased as a result of recent high-profile data breaches, the survey indicated. In addition, 57 percent stated their organization’s ability to detect and respond to a security breach has improved in the past 18 months.
Biggest Retail Breaches of 2017
Many retailers have suffered data breaches this year, including:
- Tarte Cosmetics: This New York-based beauty products company exposed the personal data of 2 million online customers; the data leak occurred due to a misconfiguration of two of the company’s open source MongoDB databases that allowed public access to online customer data.
- CeX: This U.K. retailer said up to 2 million online customers had their data stolen after one of its systems was breached.
- Kmart: In May, a Kmart breach was discovered that involved malware on the company’s in-story payment systems.
Retail data breaches remain problematic, but MSSPs can provide cybersecurity expertise and guidance to retailers around the globe. That way, MSSPs can help retailers safeguard their networks and point-of-sale (POS) systems and ensure compliance with the Payment Card Information Data Security Standard (PCI-DSS).
Netsurion, Lucas Systems Partner to Help Retailers Address Cyberattacks
Netsurion, an MSSP that provides compliance support and security information and event management (SIEM) solutions, and Lucas Systems now provide retailers with cyberattack protection for network and POS systems.
The companies last month announced a partnership that provides Lucas Systems customers with access to the Netsurion managed network security solution, according to a prepared statement. Also, Netsurion empowers Lucas Systems customers with tools to help meet PCI-DSS.