Holiday Season Breaches Not as Prevalent as You Might Think

The holiday season is upon us, with consumers hastily laying travel plans between time spent browsing for gifts for loved ones. During this season, a few also remember that major retail breaches have long-lasting and far-reaching effects, with settlements dragging on for years and occasionally costing companies up to billions of dollars. While the holiday season has a reputation for being the high tide for breaches, it’s actually less eventful than other times of the year.

In an analysis, BitSight categorized incidents month by month within the retail and hospitality industries between 2015 and 2016. It found that events waned in November and December of each year.

“It is readily apparent that both industries exhibit a sporadic breach pattern with spikes and lulls at particular points throughout the year,” said the company, in an analysis sent to Infosecurity. “Retail experiences fewer incidents than hospitality (with a few months standing out as exceptions). What is particularly surprising is that both industries show a slight decline in security events during the holidays. It is possible that controls and security practices are stepped up as the holidays approach, or that companies are simply too busy during this season to report breaches as they occur (this might also explain spikes early in the year).”

BitSight’s examination also revealed significant differences in the breach types experienced by companies in each industry. To wit: the hospitality industry outpaced retail in the percentage of breaches flagged as point-of-sale (POS) attacks, while lagging slightly behind in all other categories. Both industries are commonly regarded as ripe targets for POS attacks due to the large number of brick-and-mortar locations with exploitable payment terminals; however, retail saw a more uniform distribution of breach types.

The one exception to that is the Web Application Compromise vector, which makes up over 25% of the incidents observed.

“Hospitality companies would do well to take specific actions to address their risk of POS attack, such as monitoring endpoint security and ensuring data is safe behind properly configured firewalls,” BitSight concluded. “The holidays result in increased revenue for large retailers and hotel chains. This increase in business can tempt attackers and it is important for businesses in all industries to proactively mitigate risk to avoid making next year’s holiday breach report.”
