Study: Retailers are among cyber criminals’ top targets
Deena M. Amato-McCoy
Despite an encouraging decrease in data breaches last year, cyberattacks are not only on the rise in retail, they are gaining momentum.
Seventy-five percent of retailers have experienced a data breach in the past compared to 52% last year, exceeding the global average, according to the “2018 Thales Data Threat Report, Retail Edition,” from critical information systems provider Thales.
Retail data breaches in the United States more than doubled to 50% from 19% in the 2017 survey. This massive increase drove U.S. retail to be the second-highest vertical polled to experience a data breach in the last year, ahead of healthcare and financial services, and only slightly behind the U.S. federal government, according to the study.
Despite these intrusions, U.S. retail is increasingly inclined to store sensitive data in the cloud as widespread digital transformation is underway. Yet, only 26% of companies reported implementing encryption — which trails the global average.
Meanwhile, 95% of U.S. retail organizations plan to use sensitive data in an advanced technology environment (such as cloud, big data, IoT and containers) this year. More than half believe that sensitive data use is happening now in these environments without proper security in place.
In the U.S., the traditional concerns about data security related to perceived complexity and business performance impact are now outpaced by a perceived lack of need (52%). A lack of organizational buy-in was tied to 41% of respondents not perceiving a need for data security.
The good news is that 84% of U.S. retail organizations plan to increase IT security spending, and 28% noted the increase would be significant. The bad news is that spending is not going to what respondents believe are the most effective defenses.
The retail sector recognizes the need for encryption to protect sensitive data, with 49% requiring encryption to increase cloud usage and 44% needing system-level encryption and access controls to expand the use of big data. More than half (52%) believe encryption (along with anti-malware tools) is needed to drive IoT adoption. This is in addition to encryption being the number one choice to satisfy compliance and data security laws, such as GDPR, Korea's PIPA and APPI in Japan.
Seemingly contradicting themselves, both U.S. and global retail ranked end-point and mobile defenses as those that will get the largest spending increase (72% U.S.; 52% global) even though they rank them the least effective. A bright spot is that more organizations recognize the threat to cloud data, as 49% of respondents have ranked cloud at the top of their IT security spending priorities.
Other key findings include:
• Sixty-seven percent of U.S. retailers are planning to implement database and file encryption this year;
• Two of the top three tools needed for additional cloud use are encryption with enterprise key control or cloud provider key management; and
• For the first time, compliance is not identified as one of the top five security spending drivers.
“This year's significant increase in data breach rates should be a wakeup call for all retail organizations,” said Peter Galvin, chief strategy officer, Thales eSecurity.
“Digital transformation is well underway and the business benefits of the cloud, big data, IoT and mobile payment technologies are compelling and fueling widespread adoption,” he said. “However, with the flow of sensitive data through all of these disparate platforms and technologies, the attack surface increases exponentially and with it, the risk of a data breach.”