The National Retail Federation projected a 3.6 percent increase in 2016 retail holiday sales, and leading security firms are warning companies to protect their data. Recently published reports by Tripwire Inc. and Verizon Inc. suggest retailers can do more to safeguard physical stores and ecommerce sites. The Tripwire study, published Oct. 10, 2016, surveyed 763 information technology (IT) professionals, 100 of whom were in the retail sector. Verizon's 2016 Data Breach Investigations Report analyzed over 100,000 incidents that occurred in 2015, including 3,141 confirmed data breaches.
Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire, cautioned IT professionals against complacency. "The increased scrutiny of retail cyber security in the wake of major breaches has forced organizations to focus on securing their environments, yet these survey results show that there's still a lot of room for improvement," he said.
Verizon's study found that 99 percent of reported cyber attacks in 2015 occurred within a period of hours but went undetected for weeks, sharply down from response times in 2014. "There is a dramatic decline in internal discovery and a corresponding increase in discovery by fraud detection in our dataset this year," the authors wrote.
Tripwire analysts recommend protecting physical and digital infrastructures with a seven-point plan established by the United States Computer Emergency Readiness Team (US-CERT). "When implemented across an organization, these controls deliver specific, actionable information necessary to defend against the most pervasive and dangerous cyberattacks," the company stated.
US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats and exchanging critical cybersecurity information with trusted partners around the world, according to its website.
Following are the seven elements to address as part of US-CERT's protection plan:
Tripwire cited the following data as evidence of the need for early, automated threat detection:
Verizon and Tripwire advise IT professionals to use advanced security tools to protect against increasingly cunning cybercriminals. Verizon cited phishing as a dominant cyberattack method. As multilayered protections against phishing scams, the company proposed spam protection, list blocking, email header/attachment/URL analysis and reporting of suspicious emails.
The Verizon report encouraged companies to authenticate, segment, and monitor all devices, apps and personnel connected to their networks. Report authors also gently poked fun at the idea of enforcing best practices within a security department. "One can't really say 'don't screw up again', or 'pay attention to what you are doing, for Pete's sake,'" they wrote. "Nevertheless, there are some common sense practices that can be implemented to help keep errors to a minimum."
In addition, they recommended the following for reinforcing internal guidelines: learn from your mistakes and implement new training materials for security awareness, use data to map the most common errors to minimize frequency and mitigate damage, and implement procedures to wipe all assets containing data clean before you resell or trash them.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next