Retail Security Not Getting Any Better, BitSight Study Finds
External indicators of network security compromises continue to rise among the majority of retailers, according to data collected by BitSight.Despite a year’s worth of major security breaches, retailers continue to be compromised by opportunistic malware, suggesting that the security of their networks and data has failed to improve and may have even worsened, according to data collected by security-ratings firm BitSight. The research, released on Nov. 18, found that 58 percent of a group of 300 retail companies tracked by BitSight experienced an average drop over the past year of 90 points on the rating firm’s security index. However, of 20 companies known to have had a breach in the last year, three-quarters have improved their security rating, boosting their score by an average of 50 points, the research found. The data suggest that many retailers are not taking security threats seriously until they are breached, Stephen Boyer, co-founder and chief technology officer of BitSight, told eWEEK. “When we look at the sector overall, it does not look good,” he said. “But for those that have been breached—either because they have gotten the resources or have ‘gotten religion’—there has been an improvement.”
The BitSight Security Rating measures external indicators—such as known spam servers and botnets operating from within a company’s network—to estimate the degree to which a company appears to manage its security. The company uses a variety of threat intelligence to assign a score between 250 and 900.