Nearly three-quarters of retail orgs lack a breach response plan

Tim Erlin of Tripwire

With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal with an attack?

In an effort to answer that question, Tripwire surveyed IT security professionals working in retail organisations about their experiences and attitudes towards factors affecting IT security. The results found that a large majority are not fully prepared for data breaches this holiday season.

Of the respondents, only 28% of respondents said they have a fully tested plan in place in the event of a security breach. 21% said their organisation doesn’t have a plan at all, and the same proportion of respondents said they didn’t have the means to notify customers of a data breach within 72 hours, a requirement specified by the General Data Protection Regulation (GDPR).

“Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s encouraging that most respondents think they can meet the 72-hour notification window as set out in the upcoming GDPR, but if they haven’t tested their plans, I don’t know how confident they should be in that assumption.”

Only a small minority of the retail industry felt fully secure in their incident response capabilities. 23% of respondents said they were “fully prepared” to absorb potential financial penalties. Even fewer professionals (15%) said they were fully prepared to manage customer and press communications following an incident.

Not all the survey’s findings were discouraging, however. The results did provide some hope that the industry is moving in the right direction. More than half of respondents (57%) said that their organisation’s ability to detect and respond to a security breach has improved in the past year and a half. With the holiday season in full swing, organisations should make sure they have proper security safeguards in place.

“It’s really critical that organisations have a good view of what’s on their network at all times, that they harden their systems with secure configuration and vulnerability management, and that they are able to continuously monitor for change and are alerted to any drift outside the established security and compliance policies,” said Erlin.

There are a number of effective and established security control frameworks available to guide organisations, such as the CIS Critical Security Controls. Implementing even the most basic security controls can go a long way in improving an organisation’s security posture.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Infineon and Rainforest Connection create real-time monitoring system to detect wildfires

Posted on: October 22, 2021

Munich and San Jose, California, 21 October, 2021 – Infineon Technologies AG a provider of semiconductors for mobility, energy efficiency and the IoT, announced a collaboration with Rainforest Connection (RFCx), a non-profit organisation that uses acoustic technology, Big Data and Artificial Intelligence / Machine Learning to save the rainforests and monitor biodiversity.

Read more

Infineon simplifies secure IoT device-to-cloud authentication with CIRRENT Cloud ID service

Posted on: October 21, 2021

Munich, Germany. 21 October 2021 – Infineon Technologies AG launched CIRRENT Cloud ID, a service that automates cloud certificate provisioning and IoT device-to-cloud authentication. The easy-to-use service extends the chain of trust and makes tasks easier and more secure from chip-to-cloud, while lowering companies’ total cost of ownership. Cloud ID is ideal for cloud-connected product companies

Read more