Half of retailers experience security breaches in the past year
According to a new report, 52 percent of US retailers have suffered a data breach in the past year and 75 percent have had one at some time in the past.
The latest Thales Data Threat Report, Retail Edition, also shows that US retail data breaches more than doubled from 19 percent in the 2017 survey to 50 percent, making retail the second most breached industry vertical this year.
There is a continuing push towards new technology according to the report, 95 percent of US retail organizations will use sensitive data in an advanced technology environment (such as cloud, big data, IoT and containers) this year. Worryingly more than half believe that sensitive data use is happening now in these environments without proper security in place. As the attack surface increases with new environments, unique data security challenges need to be addressed.
"This year's significant increase in data breach rates should be a wakeup call for all retail organizations," Peter Galvin, chief strategy officer at Thales eSecurity says. "Digital transformation is well underway and the business benefits of the cloud, big data, IoT and mobile payment technologies are compelling and fueling widespread adoption. However, with the flow of sensitive data through all of these disparate platforms and technologies, the attack surface increases exponentially and with it the risk of a data breach."
There is positive news in that 84 percent of retailers say they plan to increase IT security spending with 28 percent noting the increase would be significant. However, spending is not going on the things respondents believe are the most effective defenses.
Among respondents, 49 percent require encryption to increase cloud usage and 44 percent need system level encryption and access controls to expand the use of big data. More than half (52 percent) believe encryption (along with anti-malware tools) is needed to drive IoT adoption. This is in addition to encryption being the number one choice to satisfy compliance and data security laws such as GDPR, Korea's PIPA and APPI in Japan.
Seemingly contradicting themselves, both US and global retailers rank endpoint and mobile defenses as those that will get the largest spending increase (72 percent US, 52 percent global) even though they rank them as the least effective. A bright spot is that more organizations are recognizing the threat to cloud data and 49 percent of respondents have ranked cloud at the top of their IT security spending priorities.
The full report is available to download from the Thales website.