Study: Retailers face significant cyber risks
Retailers that think they have digital security under control may want to take a second look at their protocols.
According to a new study from risk predictive analytics firm Bay Dynamics, "The Pre-Holiday Retail Risk Report," a significant amount of retailers assign the same login credentials to employees and do not know if employees have leaked sensitive data.
Despite these common gaps, a majority of 125 retail IT decision-makers surveyed said they have full confidence that their sensitive information is sufficiently protected.
Specifically, 62% of respondents said they know everything their permanent employees are doing on their corporate systems, and 50% said they know everything temporary employees are doing on their corporate systems. However, 21% said permanent retail floor workers and 61% said temporary floor workers do not have unique login credentials for corporate systems.
Furthermore, 37% of respondents said they cannot identify which systems their temporary employees have accessed. And more than a quarter of respondents said they don't know if their temporary employees have ever had access to and/or sent data they should not have had access to or sent.
Almost half (47%) of respondents said temporary workers are somewhat risky to their organization and more than a third view them as a high risk. The majority (66%) also view permanent workers as somewhat risky.
Despite this high level of risk awareness, on a scale of 1 to 7, with 7 being the most proactive, the majority of retailers (80% or higher) gave themselves a 6 or higher when it comes to identifying critical assets that must be protected, detecting theft or data leakage, and controlling employee access to critical assets.
To help retailers minimize their cyber risk, Bay Dynamics recommends retailers take an “inside-out” approach to security. That includes focusing on how their insiders -- employees and third party vendor users -- are behaving daily so that if a user isn't acting like himself or is exhibiting risky behavior, the retailer can quickly identify, address and remediate it.