We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
Click to Tweet: Three-quarters of U.S. retailers have experienced a data breach, half in the last year #2018DataThreat https://bit.ly/2u6K5G6
Year-over-year breach rate takes a turn for the worse
While last year’s report showed an encouraging decrease in breaches, this year U.S. retail data breaches more than doubled from 19% in the 2017 survey to 50%. This massive increase drove U.S. retail to be the second highest vertical polled to experience a data breach in the last year, ahead of healthcare and financial services and only slightly behind the U.S. federal government.
Digital transformation brings increased risks to data
According to the report, 95% of U.S. retail organisations will use sensitive data in an advanced technology environment (such as cloud, big data, IoT and containers) this year. More than half believe that sensitive data use is happening now in these environments without proper security in place. Each of these technology environments comes with unique security challenges. As the attack surface increases, unique data security challenges need to be addressed.
Garrett Bekker, principal analyst for information security at 451 Research says:
“These increases come as no surprise to retailers. While nearly 95% of retailers acknowledge vulnerability to data breaches, now almost half recognise they are extremely vulnerable. This is an increase of 30% from the previous year. While this trend can be partially attributed to U.S. retailers aggressively pursuing a multi-cloud strategy, these organisations continue, year after year, to spend on the same security solutions that worked for them previously. With increasingly porous networks and expanding use of external resources (SaaS, PaaS and IaaS most especially), traditional endpoint and network security are no longer sufficient to protect sensitive data.”
The increase in attacks against the retail sector calls into question why spending on data security isn’t more significant. Ironically, in the U.S., the traditional concerns about data security related to perceived complexity and business performance impact are now outpaced by a perceived lack of need, which was cited by 52% of respondents. Although not exactly the same globally, a lack of organisational buy-in was tied to 41% not perceiving a need for data security. The message here is that management needs a sense of urgency, and security professionals must do a better job of selling the importance of data security.
Security spending is up but not aligning with risk
The good news is that U.S. retail organisations are responding to the ever-increasing threat with 84% citing plans to increase IT security spending and 28% noting the increase would be significant. The bad news is that spending is not going to what respondents believe are the most effective defences.
The retail sector recognises the need for encryption to protect sensitive data. Forty-nine percent require encryption to increase cloud usage and 44% need system level encryption and access controls to expand the use of big data. More than half (52%) believe encryption (along with anti-malware tools) is needed to drive IoT adoption. This is in addition to encryption being the number one choice to satisfy compliance and data security laws such as GDPR, Korea’s PIPA and APPI in Japan.
Seemingly contradicting themselves, both U.S. and global retail ranked endpoint and mobile defences as those that will get the largest spending increase (72% U.S.; 52% global)) even though they rank them the least effective. A bright spot is that more organisations are recognising the threat to cloud data and with that 49% of respondents have ranked cloud at the top of their IT security spending priorities.
Peter Galvin, chief strategy officer, Thales eSecurity says:
“This year’s significant increase in data breach rates should be a wakeup call for all retail organisations. Digital transformation is well underway and the business benefits of the cloud, big data, IoT and mobile payment technologies are compelling and fueling widespread adoption. However, with the flow of sensitive data through all of these disparate platforms and technologies, the attack surface increases exponentially and with it the risk of a data breach.”
Other key findings:
· 67% of U.S. retailers are planning to implement database and file encryption this year;
· 2 of the top 3 tools needed for additional cloud use are encryption with enterprise key control or cloud provider key management; and,
· For the first time, compliance is not identified as one of the top 5 security spending drivers.
