The Rippleshot Data Breach Blog

Retailers ‘Vulnerable’ As Repeat Data Breaches Hit

Written by Anna Lothson | Aug 4, 2017 8:16:57 PM

When it comes to data breaches, not everyone learns from their mistakes. This is the case for some retailers who’ve found out the hard way how easy it is for their systems to be breached not just once, but multiple times.

A new study, “2017 Thales Data Threat Report, Retail Edition,” from Thales e-Security and analyst firm 451 Research, indicates that (of those surveyed), 52 percent experienced a data breach, with 19 percent experiencing a breach in the past year; 11 percent saw more than one breach.

“These distressing breach rates serve as stark proof that data on any system can be attacked and compromised,” said Garrett Bekker, principal analyst for information security at 451 Research. “Unfortunately, organizations keep spending on the same security solutions that worked for them in the past, but aren’t necessarily the most effective at stopping modern breaches.”

INSIDE THE DATA

The study gathered data from more than 1,100 senior security experts, which included those in the retail sector from across the world. The report also concluded that 88 percent of those surveyed said they felt vulnerable to a cyberattack. From that figure, 19 percent indicated they were “very” or “extremely” vulnerable.

The report notes that one of the major problems retailers face is the fact that they aren’t always effectively implementing security measures. Although they are increasing their IT security spending budgets (+77%), the money isn’t always being allocated in ways that actually prevent breaches from occurring.

Respondents pointed to enhanced network security as being an effective method of preventing breaches, but research shows this isn’t enough to thwart off hackers and fully protect data. The report also indicated that retailers may be falling behind security trends — the same trends fraudsters are capitalizing on. What may have worked to protect retailers the past (network security, endpoint protection, etc.) may not be keeping up with the demands of today’s breach ecosystem that faces evolved threats from more sophisticated hacking tools and techniques.

WHAT'S GOING WRONG?

In the report, 95 percent of retailers said they use sensitive data in an advanced technology environment (cloud, IOT, etc.), but a majority of those respondents (53%) said they believe that same sensitive data is also being used in those environments without proper security measures in place.

“It’s encouraging that yearly retail data breach rates have finally started to drop, but rates are still quite high,” said Peter Galvin, VP of strategy, Thales e-Security. “With tremendous sets of detailed customer behavior and personal information in their custody, retailers are a prime target for hackers so should look to invest more in data-centric protection. And as retailers dive head first into new technologies, data security must be a top priority as they continue to pursue their digital transformation.”