Portland, Ore. - U.S. retail firms are confident in their ability to detect data breaches. According to a recent survey of 154 retailers by security solutions provider Tripwire, when asked how quickly their organizations would detect a breach, 42% of respondents said it would take 48 hours, 18% said it would take 72 hours, and 11% said it would take a week.
Thirty-five percent of respondents were “very confident,” while 47% were “somewhat confident” that their security controls could detect rogue applications such as those used to exfiltrate data during data breaches.
Other key findings include:
• 70% of respondents said that the recent Target breach has affected the level of attention executives give to security in their organizations.
• Online-only retailers were less concerned with the Target breach; only 57% said it has increased the level of executive attention.
• 26% of respondents don’t evaluate the security of business partners, such as HVAC contractors who were implicated in the Target breach.
“I always say that trust is not a control, and hope is not a strategy,” said Dwayne Melancon, CTO for Tripwire. “Unfortunately, this data suggests that a lot of retailers are far too hopeful about their own cyber security capabilities. Despite ample historical evidence that most breaches go undiscovered for months, there is clearly a significant disconnect between perception and reality, even though the repercussions for failing to meet the required level of rigor around cyber security has led to the recent removal of retail executives and board members.”