Study: Retailers overconfident in endpoint security efforts

More retailers are eager to ward off far-reaching cyber-attacks, yet too many companies are ill-equipped to quickly detect a breach.



This sobering detail was revealed in a new study from Tripwire. The study tapped 763 IT professionals from various industries, including 100 participants from the retail sector. The report measures the confidence and efficacy among the professionals in regard to seven key security controls that must be in place to quickly detect a cyber-attack in progress.



For example, 71% of the retail respondents believed they could detect configuration changes to endpoint devices on their organizations’ networks within hours. In reality however, only 51% of the respondents knew exactly how long this process would take, data revealed.



Retailers are adding vulnerability scanning platforms and other safeguards, including software that detects, isolates and even removes an unauthorized device from their networks. However, there is still a disconnect when it comes to visibility.



For example, only 43% of the respondents know exactly how long it would take for their vulnerability scanning systems to generate an alert if an unauthorized device was detected on their networks. Meanwhile, only 51% know exactly how long it would take to isolate and remove an unauthorized device on their networks, the study said.



Further, 51% of professionals believe their automated tools do not pick up all the necessary information, such as the locations and departments, needed to identify unauthorized configuration changes to endpoint devices. Data also showed that more than one-third (36%) of the respondents said less than 80% of patches succeed in a typical patch cycle.



Even more concerning is that 38% of respondents reported that all detected vulnerabilities are not fixed within 15 to 30 days, the study said.



“The increased scrutiny of retail cyber security in the wake of major breaches has forced organizations to focus on securing their environments, yet survey results show that there’s still a lot of room for improvement,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire. “Retailers are well aware of the risks involved, and need to remain focused on implementing strong controls to limit malicious access to their environments.”