Many retailers still lack response plans for cyberattacks
Online threats facing retailers are becoming more complex and threatening, but many retailers are still unprepared to deal with such attacks.
Fifty percent of retailers reported having no response plan for a data breach, which is 11% higher than the all-industry average, according to research from the Ponemon Institute. The most commonly reported attack methods are phishing (69%), Web-based attacks (54%), and malware attacks (40%).
The report found that 61% of retailers experienced a cyberattack within the past year. The average attack involving the loss of customer or employee data resulted in 7,772 individual records lost or stolen, with an average cost of $1.9 million from the disruption of normal operations.
Other findings include:
• Insufficient personnel (91%), insufficient budget (51%) and no understanding of how to protect themselves from cyberattacks (40%) were the challenges retailers most commonly cited as preventing a fully effective security posture.
• Eighty-seven percent of retailers agree that cyberattacks are becoming more targeted, 67% believe attacks are becoming more severe and 61% think such attacks are becoming more sophisticated.
• Only one in three retailers believes they have adequate budget to achieve strong IT security, while over half do not. But 93% of retailers spend less than 20% of their overall IT budget on security, with an average spend of 11.5%.
• Sixty-nine percent of retailers agree that passwords are an important part of cybersecurity prevention, yet 51% don't have visibility into their employees' password practices.
"There are billions of stolen credentials on the dark web, and cybercriminals can wait for months for prime opportunities like peak online shopping season to exploit retailers' security vulnerabilities and make illegal purchases," said Darren Guccione, CEO and Co-founder of Keeper Security. "The reality is, the cybersecurity problems facing the retail industry are not problems of money or personnel, but of mindset. Retailers need to know there are easily implementable, cost-effective security solutions that can greatly bolster their security posture and largely prevent such cybercrime from happening."
Guccione offered three key tips for retailers:
• Educate employees regularly on best security practices and ways to avoid socially engineered attacks.
• Enforce strong login credentials and multi-factor authentication across all employee devices.
• Conduct regular security audits and encrypt business data.
The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, commissioned by Keeper Security, measured responses from over 2,000 IT and IT security professionals around the world, 239 of whom were from the retail industry.