Post Target many retailers continue to leave data at risk
Writing on the company's blog CTO and co-founder Stephen Boyer says, "BitSight has continued to observe evidence of system compromise inside hundreds of retailers over the course of the year. Based on our data and analysis, we observed that there were many retailers with poor performance and that this downward trend has continued into the second half of 2014".
The blog goes on to highlight a number of instances since the Target breach where customer and credit card details have been compromised. It also points out that there are likely to be many more incidents that have gone unreported and are not likely to be revealed.
Boyer says, "The data here compels us to reiterate today what was expressed back in January: the evidence strongly suggests that organizations in the list above are not alone and does not bode well for the rest of the year".
He points out the importance of industry and peer benchmarking in helping companies improve their security. Measuring performance helps businesses gain insight into changes in their posture, and leads to better understanding of what actions are helping to improve their ratings. Benchmarking against the top-performing industries and comparing security practices can help set strategy and encourage the adoption of new standards.
Retailers need to adopt some of the techniques used by the financial industry in terms of continuous monitoring, regular risk assessments and responding quickly to emerging threats. They also need to make IT security a board level issue. Boyer concludes, "As retailers begin to adopt more of these measures and follow the best practices of top performing peers, we will likely see the number of breach incidents decline".