IT security teams working for UK and US retailers threaten to be overwhelmed by an unrelenting barrage of cyber-attacks which sees nearly half forced to respond to security breaches every week, according to a new study.
Hewlett Packard Enterprise and UK-based hybrid IT firm Zynstra polled 300 retail IT managers and C-level executives on both side of the Atlantic to produce an insight report on Retail Branch Security.
It reveals that 45% of respondents are forced to address a security breach or attempted breach at least once a week, with the mean number of incidents 2.2 per week. The figure rises to 65% of sports and outdoor retailers and 49% of fashion outlets.
A not-insignificant 16% of respondents experience such a breach once a day, with the number rising to 29% in the grocery sector.
In the face of this “constant, unrelenting and alarmingly frequent” threat from cyber-space, IT teams are doing their best to keep their organization afloat.
Over half (55%) said they apply security upgrades and patches across their branch network at least once a week, with 12% doing so every day.
In addition, 46% of respondents said they back up critical in-store data across their branch network daily, and three-quarters do it at least once a week.
The report authors argue that being forced to focus on such tactical tasks means IT teams have little time left to help grow the business.
The report also reveals that despite these best efforts, concerns persist.
Just a third (33%) of respondents claimed they are very confident that their branch network is secure, rising to 40% in the grocery sector but dropping to just 19% in electrical retailing.
The biggest concerns are around time taken to restore critical data from back-ups (37%), applying patches and upgrades in a timely manner (22%) and not having enough IT resources and skills to hand (18%).
Security automation is key to reducing this workload and improving resilience at scale across hundreds or thousands of retail branch sites, the report concludes.
Lisa Baergen, director at NuData Security, said that retailers – like all organizations – need to prioritize the security of customer data.
“They need to move past the username/authentication model and embrace a model that engages multiple layers; so when one can't return a high trust confidence, there is another layer to rely upon,” she added.
The coming GDPR should force boardrooms around Europe to re-evaluate their cybersecurity posture with an eye on aligning with industry best practices.