Retailers believe breach detection is sufficient, but gap yawns wide
Retailers believe they can detect a data breach in a week or less, a new survey from Tripwire revealed; another report showed that it takes them on average 197 days to spot advanced threats.
Retailers believe they can detect a data breach in a week or less, a new survey commissioned by Tripwire revealed, while another report by Arbor Networks showed it takes them on average 197 days to spot advanced threats.
“The 2016 Verizon Data Breach Investigations Report shows that [the] detection gap is getting worse,” Tripwire Senior Security Research Engineer Travis Smith told SCMagazine.com in emailed comments, noting that the gap is not just a problem for retailers but is true for most businesses. “Attackers are obeying as many ‘detection laws’ as possible when robbing their victims, the same way a bank robber obeys traffic laws when fleeing from the scene.”
The Tripwire report found that 75 percent of respondents in the 2016 survey thought they could detect a breach within 48 hours, up from 42 percent in a similar 2014 study.
The findings showed that breaches in the retail sector involving personally identifiable information (PII) have more than doubled in a two-year period: 33 percent of those surveyed said PII was stolen in a breach, an uptick from 14 percent in 2014.
Yet, companies haven't sped up the rate at which they implement breach detection technology – 59 percent in both survey years said the breach detection products they used “were only partially or marginally implemented.”
“The most surprising finding was that the percentage of breach detection products remains stagnant, even among the growing threat landscape retailers are facing over the same time period,” said Smith.
The Tripwire engineer said “defense in depth is the best method of reducing the attack surface for environments” and noted that “the softest spot for many retailers remains to be the implementation of the point of sale network.”
With “an increased level of network access both in and out of the network,” attackers have “a larger attack surface to both infiltrate and exfiltrate a retailer's systems,” Smith said.