It seems like data breaches against retailers garner the most news coverage and perhaps consumer outrage. I’ve heard more about breaches suffered by Target, Home Depot, and so on than I have about other industries concerning breaches and data exposure. Even to this day, the Target breach is the standard to which all breaches are compared – despite equally devastating and bigger breaches against the health care industry, government agencies or even the Yahoo breach.
Because retail is a popular target (excuse the pun) of hackers and because they are breaches that turn up in mainstream news most often, I was interested to see the results of a new study from Thales, in conjunction with analyst firm 451 Research. According to the study, 52 percent of American retailers have experienced a data breach at some point in the past. My first thought was that since the retail industry is aware how susceptible they are to hackers, they would be stepping up their security game. At first glance, that’s the appearance, as data breaches against retailers have dropped from 22 percent in the 2016 survey to 19 percent this year. This number is lower than any other U.S. industry vertical polled for the 2017 report.
However, this doesn’t appear to be the case, as 88 percent of respondents admitted they consider their infrastructure to be vulnerable, with nearly one in five stating they are very vulnerable. And on a global level, retail data breaches are happening at a faster rate than in the U.S., with 43 percent reporting they’ve been breached in the last year.
A comment from Garrett Bekker, principal analyst for information security at 451 Research, provided a little insight into why retailers feel so vulnerable. He said in a formal statement:
These distressing breach rates serve as stark proof that data on any system can be attacked and compromised. Unfortunately, organizations keep spending on the same security solutions that worked for them in the past, but aren’t necessarily the most effective at stopping modern breaches.
And sure enough, one of the concerns revealed in the study is that while the vast majority of retailers are increasing their security budgets and efforts, the money isn’t being spent wisely. It’s a problem that many organizations deal with. They focus their security tools on old, more familiar issues and on what worked in the past – and true, you can’t ignore these areas – but at the same time, there also needs to be a greater emphasis on how to address emerging threats, the growing sophistication of attacks, and new technologies and endpoints. The question is if retailers are increasing their security budgets, then why do they still feel so vulnerable to potential attacks? As Peter Galvin, vice president of strategy, Thales e-Security, said in a formal statement:
With tremendous sets of detailed customer behavior and personal information in their custody, retailers are a prime target for hackers so should look to invest more in data-centric protection. And as retailers dive head first into new technologies, data security must be a top priority as they continue to pursue their digital transformation.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba