Despite unique attacks on their sector, IT professionals in retail are overconfident in their ability to quickly collect data needed to identify and remediate cyber-attacks.
A new study from Tripwire evaluated the confidence of IT pros in regard to the efficacy of implementing seven key security controls: PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS Top 20 and IRS 1075. These are needed to quickly detect a cyber-attack in progress.
Respondents included 763 IT pros from various industries, 100 of which came from the retail sector.
Seventy-one percent of retailers believed they could detect configuration changes to endpoint devices on their organisations' networks within hours. Only 51 percent knew exactly how long this process would take.
Thirty-six percent reported that less than 80 percent of patches succeed in a typical patch cycle. Meanwhile, 38 percent said that all detected vulnerabilities are not fixed within 15 to 30 days.
Eighty-four percent said they could isolate and remove an unauthorised device on their networks within hours. Only 43 percent know exactly how long it would take for their vulnerability scanning systems to generate an alert if an unauthorised device were detected on their networks.
Over half (51 percent) believed their automated tools don't pick up all the necessary information, such as the locations and departments, needed to identify unauthorised configuration changes to endpoint devices.
Recommendations and guidance include:
-
Accurate hardware inventory
-
Accurate software inventory
-
Continuous configuration management and hardening
-
Comprehensive vulnerability management
-
Patch management
-
Log management
-
Identity and access management
“The increased scrutiny of retail cyber-security in the wake of major breaches has forced organisations to focus on securing their environments, yet these survey results show that there's still a lot of room for improvement. Retailers are well aware of the risks involved and need to remain focused on implementing strong controls to limit malicious access to their environments,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire.
