7 February 2008
Retailers need to step up IT security, says Deloitte
Ian Grant, Computer Weekly
Retailers are losing the battle against IT security threats because
most have no strategy for their long-term defence and merely respond
to incidents, says a report from management consultancy Deloitte.
"Consumer businesses have a tactical rather than a strategic
approach to security," the company said. "This means they
do not develop the foresight that allows them to deal with issues
before they become problems."
The survey of managers responsible for IT security in consumer
businesses such as retailers and consumer goods companies found
80% had no clear IT security strategy, but 93% had appointed someone
to take responsibility for it.
All had installed anti-virus, firewall and similar products. Although
they regarded spyware and phishing attacks as their greatest threats,
73% were deploying anti-spyware tools, and only 27% had anti-phishing
tools.
Business continuity was high on the priority list, but 82% had
not tested their back-up plans.
Two out of three firms were using compliance with the Data Protection
Act and the Payment Card Industry's Data Security Standard (PCI-DSS)
to drive their IT security plans.
However, only one-third of respondents were planning to comply
fully, although 80% of those who also trade online aimed to comply. They
expected compliance to cost between £250,000 and £500,000,
and 60% expected it to be "highly disruptive" to the business.
Despite being aware of the importance of protecting personal data,
only 13% had established what data they held, where they held it,
and how it was transmitted and used. Only 40% had written policies
on privacy, fair information practices, and data collection, and
only 13% had a process for managing privacy compliance.
Top threats
Virus/worm outbreaks
Spyware
Phishing/pharming
Email attacks
Staff misconduct
Top counter-measures
Beef up security infrastructure
Improve security governance
Comply with security regulations
Secure applications
Develop and execute a security strategy
This article first appeared on the website of Computer Weekly,
at http://www.computerweekly.com/Articles/2008/02/07/229303/retailers-need-to-step-up-it-security-says-deloitte.htm.
© Reed Business Information 2008.
