Tripwire announced the results of a retail cybersecurity survey conducted by Dimensional Research and sponsored by Tripwire. The survey evaluated the attitudes of 154 retail organizations on a variety of cybersecurity topics.

Industry research indicates most breaches go undiscovered for weeks, months or even longer. The 2014 Trustwave Global Security Report reveals that retail is the top target for cybercriminals, comprising 35 percent of the attacks studied. The Mandiant 2014 Threat Report indicates that the average time required to detect breaches was 229 days. The report also states that the number of firms that detected their own breaches dropped from 37 percent in 2012 to 33 percent in 2013. The 2014 Verizon Data Breach Investigations Report indicates that 85 percent of point-of-sale intrusions took weeks to discover, and 43 percent of web application attacks took months to detect.

Despite these findings, U.S. retail firms are confident in their ability to detect data breaches, according to the Tripwire survey. When asked how quickly their organizations would detect a breach, 42 percent said it would take 48 hours, 18 percent said it would take 72 hours, and 11 percent said it would take a week. Thirty-five percent of respondents were “very confident,” while 47 percent were “somewhat confident” that their security controls could detect rogue applications such as those used to exfiltrate data during data breaches.

“I always say that trust is not a control, and hope is not a strategy. Unfortunately, this data suggests that a lot of retailers are far too hopeful about their own cybersecurity capabilities,” said Dwayne Melancon, chief technology officer for Tripwire. “Despite ample historical evidence that most breaches go undiscovered for months, there is clearly a significant disconnect between perception and reality, even though the repercussions for failing to meet the required level of rigor around cybersecurity have led to the recent removal of retail executives and board members.”

Other key findings include:
- 70 percent of respondents said that the recent Target breach has affected the level of attention executives give to security in their organizations.
- Online-only retailers were less concerned with the Target breach; only 57 percent said it has increased the level of executive attention.
- 26 percent of respondents don’t evaluate the security of business partners, such as HVAC contractors who were implicated in the Target breach.

Melancon continued: “On the bright side, recent events have led to higher-level conversations about information security in the retail sector. This is a prime opportunity for retail information security executives to educate their nontechnical peers, advocate for resources and make substantive progress toward better information security.”

For more information about the survey, please visit: http://www.tripwire.com/company/research/us-retail-survey/
U.S. Retail Survey Research
SPONSORED BY TRIPWIRE INC - CONDUCTED BY DIMENSIONAL RESEARCH
Methodology
Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, recently released the results of a survey which evaluated the attitudes of 154 retail companies on a variety of cybersecurity topics.
The survey was sponsored by Tripwire and conducted by Dimensional Research.
How quickly would your organization detect a data breach on critical systems?
[Bar chart; vertical axis: percentage of respondents, 0% to 60%. Response options:]
- Within three days
- Within a week
- Within a month
- Within three months
- Not confident that we can detect critical systems breaches quickly
How confident are you that your security controls can detect rogue applications (such as those used to exfiltrate data)?
[Bar chart; vertical axis: percentage of respondents, 0% to 50%. Response options:]
- Very confident
- Somewhat confident
- Not at all confident
The recent breach of Target's systems has affected the level of attention that executives in my company give to security.
[Bar chart; vertical axis: percentage of respondents, 0% to 70%.]
- All Retailers: 70%
- Online Only: 57%
How do you evaluate the security of business partners in your supply chain?
[Bar chart; vertical axis: percentage of respondents, 0% to 35%. Response options:]
- We review compliance and audit reports when we sign the contract
- Our contract requires “best effort” to protect our sensitive data
- We ask for web and vulnerability scan reports of their networks on a regular basis
- We don’t evaluate the security of our business partners