Retail IT Professionals More Prepared for Data Breaches

Tripwire's 2016 survey found the use of breach detection technologies remains flat despite rising threats, but confidence in finding breaches is higher.

tripwire and it security

One-third of retail IT professionals say a data breach has occurred at their company, according to a Tripwire survey of 200 respondents conducted by Dimensional Research.

Tripwire’s 2016 Retail Security Survey found that 90 percent of the respondents believe they could detect a data breach on critical systems in one week or less. That contrasts with 70 percent in 2014.

The survey also found three-quarters of 2016 respondents believe they could detect a breach within 48 hours, compared with 42 percent in 2014. Retail data breaches involving personally identifiable information (PII) have more than doubled since 2014.

When asked if a data breach occurred at their organization where PII was stolen or accessed by intruders, a third of the respondents said—an increase from 14 percent in 2014.

"The most surprising finding was that the percentage of breach detection products remains stagnant, even among the growing threat landscape that retailers are facing over the same time period," Travis Smith, senior security researcher at Tripwire, told eWEEK.

The softest spot for many retailers remains to be the implementation of the point of sale network, Smith said.

"An increased level of network access both in and out of the network provides attackers a larger attack surface to both infiltrate and exfiltrate a retailer’s systems," he said.

Survey results also indicated companies with larger revenues monitor configuration parameters on critical payment assets less frequently.

Sixty-five percent of respondents working for organizations with revenues of less than $100 million check their compliance at least weekly, while 55 percent of respondents with revenues of more than $100 million answered similarly.

"The number of attacks against retailers will continue to rise. The number of successful attacks continues to grow, which is providing incentive for cyber criminals to continue their campaigns," Smith said. "However, retailers are presented with an opportunity, as the attackers are using similar tactics in each breach."

Implementing proper network segmentation will reduce the likelihood that an attacker can get into and/or get data out of the point of sale network, he noted.

Implementing host-based security controls such as antivirus, whitelisting and file integrity monitoring will reduce the likelihood that point-of-sale-based malware can successfully be installed and executed on machines targeted by these cyber criminals, he said.

However, implementation of breach detection technology has remained flat—in both 2014 and 2016, 59 percent of the respondents said their breach detection products were only partially or marginally implemented.

Both Tripwire surveys defined breach detection as antivirus software, intrusion detection systems, malware detection, whitelisting and file integrity monitoring.