Skip to main content

CSA Exclusive: Retailers vulnerable to cybersecurity threats

Retailers do not feel confident about cybersecurity issues.

New survey results released exclusively to Chain Store Age indicate fewer than half of retailers feel confident in their ability to respond to cyberthreats.

Forty-four percent of retailer respondents said they can respond to incidents, mitigate threats (43%) or understand threats in the first place (41%), according to a September 2021 Rackspace Technology-sponsored survey of 1,420 decision-makers at businesses including retailers.

Retail respondents also said their ability to manage application security in a more complex environment is influenced by a faster release/delivery cycle (54%); new ways of working, such as devops or agile development practices (53%); microservice application architectures (50%); hybrid/multicloud environments (49%); and container runtime environments (45%). 

In addition, retail respondents indicate that most cyberattacks against them occur on network/platforms (55%), web applications (53%) and/or network operating systems (51%). More than half (52%) involve stolen credentials, while 48% are advanced persistent threats (APTs) and 40% result from unauthorized exposure to data (40%).

Forty-three percent of surveyed retailer decision-makers said the expanding use of the cloud, Internet of Things (IoT) and applications is driving the need for new security. Also challenging retailers’ cybersecurity are increasing opportunities for attackers as data volumes, digital operations and remote work grow (46%), as well as constantly growing threats and attack methods (40%).

Forty-six percent of retail respondents find recruiting and retaining cybersecurity talent and skills challengingWhen asked how they would fill the cybersecurity skills gap, 52% of retail respondents said their internal training is effective for cybersecurity talent retention and 47% said they will look to external recruitment agencies.

When asked what the most important cybersecurity skills are, retailers’ top responses were cloud security (50%), network security (46%) data privacy/security (43%), risk management (41%), and risk compliance audits (35%).

According to retailers, the following methods prove very effective in solving cybersecurity needs/challenges:

  • 51% security automation;
  • 51% engaging with security services partners;
  • 51% improving data encryption;
  • 50% advanced endpoint security;
  • 49% recognizing supply chain security risks;
  • 45% zero trust security adoption; and
  • 43% continuing improvements in response capabilities.

[Read more: Don’t be haunted by security threats this Halloween]

Rackspace Technologies also released some interesting data collected from all respondents across all verticals. Half of the 1,420 surveyed IT decision-makers, including retailers as well as manufacturers, hospitality/travel, healthcare/pharma/biomedical, government and financial services companies/organizations, admitted they are not “fully confident” they could respond to data, malware phishing, supply chain, ransomware, cloud, IoT and application attacks. Fewer than half said they can mitigate or understand threats.

Top cybersecurity and compliance challenges included lack of expertise (84%), lack of resources (82%), lack of time (67%) and lack of training information (66%).

Most respondents said cybersecurity is managed by in-house staff with some external third-party expert help. Cybersecurity partners are usually managed security service providers (MSSPs), managed detection and response providers (MDRs), or system integrators.

A majority of respondents have from one to five external partners/providers for cybersecurity. Cloud, data, app, network and identity access are most frequently handled by in-house staff, while 46% of network security and 38% of integrated risk security are handled by external partners.

This ad will auto-close in 10 seconds