Data breaches skyrocket in retail
50 percent of retailers experiencing a breach in the last year
Although 84 percent plan to increase IT security spending, report indicates greatest spending plans are for defenses that are ranked least effective.
Thales announces the results of its 2018 Thales Data Threat Report, Retail Edition. According to U.S. retail respondents, 75 percent of retailers have experienced a breach in the past compared to 52 percent last year, exceeding the global average. U.S retail is also more inclined to store sensitive data in the cloud as widespread digital transformation is underway, yet only 26 percent report implementing encryption – trailing the global average.
Year-over-year breach rate takes a turn for the worse
While last year’s report showed an encouraging decrease in breaches, this year U.S. retail data breaches more than doubled from 19 percent in the 2017 survey to 50 percent. This massive increase drove U.S. retail to be the second highest vertical polled to experience a data breach in the last year, ahead of healthcare and financial services and only slightly behind the U.S. federal government.
Digital transformation brings increased risks to data
According to the report, 95 percent of U.S. retail organizations will use sensitive data in an advanced technology environment (such as cloud, big data, IoT and containers) this year. More than half believe that sensitive data use is happening now in these environments without proper security in place. Each of these technology environments comes with unique security challenges. As the attack surface increases, unique data security challenges need to be addressed.
Garrett Bekker, principal analyst for information security at 451 Research says: “Retailers continue, year after year, to spend on the same security solutions that worked for them previously. With increasingly porous networks and expanding use of external resources (SaaS, PaaS and IaaS most especially), traditional endpoint and network security are no longer sufficient to protect sensitive data.”
The increase in attacks against the retail sector calls into question why spending on data security isn’t more significant. Ironically, in the U.S., the traditional concerns about data security related to perceived complexity and business performance impact are now outpaced by a perceived lack of need, which was cited by 52 percent of respondents. Although not exactly the same globally, a lack of organizational buy-in was tied to 41 percent not perceiving a need for data security. The message here is that management needs a sense of urgency, and security professionals must do a better job of selling the importance of data security.
Security spending is up but not aligning with risk
The good news is that U.S. retail organizations are responding to the ever-increasing threat with 84 percent citing plans to increase IT security spending and 28 percent noting the increase would be significant. The bad news is that spending is not going to what respondents believe are the most effective defenses.
The retail sector recognizes the need for encryption to protect sensitive data. Forty-nine percent require encryption to increase cloud usage and 44 percent need system level encryption and access controls to expand the use of big data. More than half (52 percent) believe encryption (along with anti-malware tools) is needed to drive IoT adoption. This is in addition to encryption being the number one choice to satisfy compliance and data security laws such as GDPR, Korea’s PIPA and APPI in Japan.
Seemingly contradicting themselves, both U.S. and global retail ranked endpoint and mobile defenses as those that will get the largest spending increase (72 percent U.S.; 52 percent global) even though they rank them the least effective. A bright spot is that more organizations are recognizing the threat to cloud data and with that 49 percent of respondents have ranked cloud at the top of their IT security spending priorities.
Peter Galvin, chief strategy officer, Thales eSecurity says: “This year’s significant increase in data breach rates should be a wakeup call for all retail organizations. Digital transformation is well underway and the business benefits of the cloud, big data, IoT and mobile payment technologies are compelling and fueling widespread adoption. However, with the flow of sensitive data through all of these disparate platforms and technologies, the attack surface increases exponentially and with it the risk of a data breach.”
channels: security technology, IT security
