Data breaches pose a significant threat to each and every organization. The danger is that a group of attackers will not only gain an initial foothold into a company's systems but will also find a way to conceal any signs of their entry. By covering their tracks, they can remain undetected on corporate networks for a longer period of time, allowing them to exfiltrate data, map out additional sections of the affected system, and collect information for more sophisticated attacks in the future. Unfortunately, attackers' persistence on a target's network isn't an aberration. It's what happens with most sophisticated threat actors. Indeed, Mandiant’s M-Trends 2015 report revealed that the average time required to detect an advanced persistent threat on a corporate network is 205 days. Similarly, in the 2015 Data Breach Investigations Report, whose key takeaways can be found here, Verizon reported that two-thirds of targeted attacks generally take months to detect. Mandiant's and Verizon's findings point to a clear gap in the time it takes for security personnel to detect a breach after it has occurred. Even so, IT professionals remain confident in their ability to detect a security incident quickly. Perhaps a little too confident, even. A survey of over 400 energy executives and IT professionals last summer found at least half of respondents were assured they could spot a breach in less than 24 hours. That level of overconfidence has not changed in recent months, as revealed by a February 2016 study of 763 IT personnel. Now, Tripwire has released another survey that demonstrates how information security professionals working in the retail sector are just as overconfident as their energy counterparts. In its 2016 Retail Security Survey, which polled the responses of over 200 IT professionals in the retail sector, Tripwire found that the number of data breaches by which attackers stole or accessed personally identifiable information (PII) has doubled since 2014. Only 14 percent of respondents reported to have experienced a breach in a similar survey Tripwire conducted two years ago, a figure which has increased to one-third of participants this year. A rise in the number of incidents has not shaken IT professionals' confidence, however. Nearly all (95 percent) of respondents said their organization could detect a breach within a month or less, as compared to 78 percent back in 2014. That is in spite of the fact that nearly half (48 percent) of all respondents said their breach detection products are just partially integrated.
"Partially implemented tools are a serious liability for information security," said Tim Erlin, director of IT security and risk strategy for Tripwire. "Organizations need to move from a checkbox approach to measuring their gaps in coverage. If you’re not monitoring 100 percent of your endpoints, you’re leaving room for attackers to gain a foothold."
Given their IT professionals' degree of overconfidence and lack of breach preparedness, organizations in the retail sector will likely continue to experience data breaches. That is why Dwayne Melançon, chief technology officer for Tripwire, will be speaking about retail breaches and how to restore trust after a breach at the 2016 Retail Cyber Intelligence Summit. It's important to note, however, that infosec personnel in the retail sector can work to enhance the security of their organization. A great starting point is for them to look over this collection of resources. Title image courtesy of ShutterStock