Data breaches skyrocket

Although 84% plan to increase IT security spending, report indicates greatest spending plans are for defences that are ranked least effective.

  • 6 years ago Posted in
Thaleshas published the results of its 2018 Thales Data Threat Report, Retail Edition. According to U.S. retail respondents, 75% of retailers have experienced a breach in the past compared to 52% last year, exceeding the global average. U.S retail is also more inclined to store sensitive data in the cloud as widespread digital transformation is underway, yet only 26% report implementing encryption – trailing the global average.

Click to Tweet: Three-quarters of U.S. retailers have experienced a data breach, half in the last year #2018DataThreat https://bit.ly/2u6K5G6

Year-over-year breach rate takes a turn for the worse

While last year’s report showed an encouraging decrease in breaches, this year U.S. retail data breaches more than doubled from 19% in the 2017 survey to 50%. This massive increase drove U.S. retail to be the second highest vertical polled to experience a data breach in the last year, ahead of healthcare and financial services and only slightly behind the U.S. federal government.

 

Digital transformation brings increased risks to data
According to the report, 95% of U.S. retail organisations will use sensitive data in an advanced technology environment (such as cloud, big data, IoT and containers) this year. More than half believe that sensitive data use is happening now in these environments without proper security in place. Each of these technology environments comes with unique security challenges. As the attack surface increases, unique data security challenges need to be addressed.

 

Garrett Bekker, principal analyst for information security at 451 Research says:
These increases come as no surprise to retailers. While nearly 95% of retailers acknowledge vulnerability to data breaches, now almost half recognise they are extremely vulnerable. This is an increase of 30% from the previous year. While this trend can be partially attributed to U.S. retailers aggressively pursuing a multi-cloud strategy, these organisations continue, year after year, to spend on the same security solutions that worked for them previously. With increasingly porous networks and expanding use of external resources (SaaS, PaaS and IaaS most especially), traditional endpoint and network security are no longer sufficient to protect sensitive data.”

 

The increase in attacks against the retail sector calls into question why spending on data security isn’t more significant. Ironically, in the U.S., the traditional concerns about data security related to perceived complexity and business performance impact are now outpaced by a perceived lack of need, which was cited by 52% of respondents. Although not exactly the same globally, a lack of organisational buy-in was tied to 41% not perceiving a need for data security. The message here is that management needs a sense of urgency, and security professionals must do a better job of selling the importance of data security.

 

Security spending is up but not aligning with risk

The good news is that U.S. retail organisations are responding to the ever-increasing threat with 84% citing plans to increase IT security spending and 28% noting the increase would be significant.  The bad news is that spending is not going to what respondents believe are the most effective defences.

 

The retail sector recognises the need for encryption to protect sensitive data. Forty-nine percent require encryption to increase cloud usage and 44% need system level encryption and access controls to expand the use of big data. More than half (52%) believe encryption (along with anti-malware tools) is needed to drive IoT adoption. This is in addition to encryption being the number one choice to satisfy compliance and data security laws such as GDPR, Korea’s PIPA and APPI in Japan.

 

Seemingly contradicting themselves, both U.S. and global retail ranked endpoint and mobile defences as those that will get the largest spending increase (72% U.S.; 52% global)) even though they rank them the least effective.  A bright spot is that more organisations are recognising the threat to cloud data and with that 49% of respondents have ranked cloud at the top of their IT security spending priorities.

 

Peter Galvin, chief strategy officer, Thales eSecurity says:
“This year’s significant increase in data breach rates should be a wakeup call for all retail organisations. Digital transformation is well underway and the business benefits of the cloud, big data, IoT and mobile payment technologies are compelling and fueling widespread adoption. However, with the flow of sensitive data through all of these disparate platforms and technologies, the attack surface increases exponentially and with it the risk of a data breach.”

 

Other key findings:

·         67% of U.S. retailers are planning to implement database and file encryption this year;

·         2 of the top 3 tools needed for additional cloud use are encryption with enterprise key control or cloud provider key management; and,

·         For the first time, compliance is not identified as one of the top 5 security spending drivers.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...