
US retail sector security spend focuses on the wrong areas, says report

20 Jul 2018

Retailers in the United States are more inclined to store data in the cloud, but they’re also likely to ignore encryption as a means of keeping that data safe, a new report from Thales says.

That ignorance may be one of the contributing factors to a massive surge in data breaches against the US retail sector, which is now the second-highest vertical to experience a data breach in the last year.

The 50% jump in breaches against the US retail sector is second only to breaches against the government. Retail breaches also eclipse breaches against the healthcare and financial services sectors.

The 2018 Thales Data Threat Report found that out of 1200 senior security executives, 75% have experienced a breach in the last year; however, only 26% use some sort of encryption to keep their data safe.

In addition, 95% use sensitive data in ‘an advanced technology environment’ such as cloud, big data, IoT and containers; however, more than half believe that data is used in these environments without proper security in place.

“This year’s significant increase in data breach rates should be a wakeup call for all retail organizations,” warns Thales eSecurity chief strategy officer Peter Galvin.

“Digital transformation is well underway and the business benefits of the cloud, big data, IoT and mobile payment technologies are compelling and fueling widespread adoption. However, with the flow of sensitive data through all of these disparate platforms and technologies, the attack surface increases exponentially and with it the risk of a data breach.”

The report also calls into question why the retail sector isn’t spending more on data security, although there is good news ahead – 84% have plans to increase IT security spending.

However, that spending may be targeted towards the wrong places – 72% say endpoint and mobile defences will get the largest spending increase, even though the same respondents also rank those defences as the least effective.

“These organizations continue, year after year, to spend on the same security solutions that worked for them previously,” says 451 Research principal analyst for information security, Garrett Bekker.

“With increasingly porous networks and expanding use of external resources (SaaS, PaaS and IaaS most especially), traditional endpoint and network security are no longer sufficient to protect sensitive data,” Bekker continues.

The retail sector does recognize the need for encryption to protect sensitive data.

Overall, 49% require encryption to increase cloud usage – despite only 26% using encryption in practice – and 44% need system-level encryption and access controls to expand the use of big data.

Fifty-two percent believe encryption (along with anti-malware tools) is needed to drive IoT adoption. This is in addition to encryption being the number one choice to satisfy compliance and data security laws such as GDPR, Korea's PIPA and APPI in Japan.
