Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Retail Security Not Getting Any Better, BitSight Study Finds

    By
    Robert Lemos
    -
    November 20, 2014
    Share
    Facebook
    Twitter
    Linkedin
      Retail Security B

      Despite a year’s worth of major security breaches, retailers continue to be compromised by opportunistic malware, suggesting that the security of their networks and data has failed to improve and may have even worsened, according to data collected by security-ratings firm BitSight.

      The research, released on Nov. 18, found that 58 percent of a group of 300 retail companies tracked by BitSight experienced an average drop over the past year of 90 points on the rating firm’s security index. However, of 20 companies known to have had a breach in the last year, three-quarters have improved their security rating, boosting their score by an average of 50 points, the research found.

      The data suggest that many retailers are not taking security threats seriously until they are breached, Stephen Boyer, co-founder and chief technology officer of BitSight, told eWEEK.

      “When we look at the sector overall, it does not look good,” he said. “But for those that have been breached—either because they have gotten the resources or have ‘gotten religion’—there has been an improvement.”

      The BitSight Security Rating measures external indicators—such as known spam servers and botnets operating from within a company’s network—to estimate the degree to which a company appears to manage its security. The company uses a variety of threat intelligence to assign a score between 250 and 900.

      While the data does not directly indicate how secure a company may be, it does give a sense of how seriously a company takes security, Boyer said.

      “We see that culture really, really matters,” he said. “When you think about these measurements that we see, we just see the external outcomes. But if a company is not cleaning up these compromises, they are unlikely to be getting the more serious stuff as well.”

      Evidence of malware generally increased over the past year, BitSight discovered. The number of malware servers, botnet infections and potentially exploited hosts jumped in the past 12 months, the company found. Only the number of spam servers dropped during that period.

      In addition, the average length of time it took to remove an infection increased to 1.36 days from 1.26 days, according to BitSight.

      Companies did not just have to pay attention to their own networks, but to those of partners as well. Of the 20 companies that had been breached, about one-third of the breaches occurred because of a third party, according to BitSight.

      “You really have to think about the entire ecosystem,” Boyer said. “We are finding out, that, even if you have locked your systems down, you could still be breached through a third party.”

      Not all retailers showed increasing evidence of breaches, according to BitSight. One-third of retail companies significantly improved their security posture, raising their security rating by an average of 70 points, the firm said.

      Robert Lemos
      Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×