Study: Retail lags behind other industries on Internet of Things security

Portland, Ore. -- Only 18% of retail IT security professionals expressed concerned that point of sale devices were being targeted by cyber criminals, and only 20% were “confident” that point of sale devices were securely configured, according to a study by Tripwire examining the impact of emerging enterprise security threats connected with the Internet of Things (IoT) in the retail industry. The study also revealed that 35% of retail IT professionals have inadequate visibility into the security of common devices already on their networks such as routers, switches, modems and firewalls, and 51% don't believe they can effectively communicate the security risks associated with IoT devices to the c-suite and corporate board.



• The study, conducted by Atomic Wire, also revealed that 34% of retail executives were “not confident” all the devices on their networks were authorized. By comparison, only 18% of financial services respondents and 20% of energy sector respondents expressed the same doubts.



• “It’s imperative that enterprises establish the ability to continuously monitor their network for unknown devices and applications, validate them against a trusted reference point, and quickly remediate weak or unsafe configurations,” said Dwayne Melancon, chief technology officer for Tripwire. “Standards, machine-to-machine learning and continuous security configuration management can significantly accelerate progress toward this goal.”

Other key findings of the study include:



• Thirty-six percent of retail executives were “not confident” that all the devices connected to their networks were running only authorized software. Only 25% of financial service respondents and 32% of energy respondents shared the same concern.



• Only 25% of retail executives expected to receive additional budget to support the expanded security necessary to protect IoT devices. Fifty-nine percent of financial respondents and 52% of energy respondents expected to receive additional budget.



• Over 45% of retail executives said they were “not concerned at all” about the security risks associated with IoT devices connected to their networks, while 35% of financial services respondents said they are “very concerned.”



“The results of this research reflect many of the challenges retail security teams face,” said Ken Westin, security and threat analyst for Tripwire. “One of the most positive findings is that retail organizations can dramatically improve security by focusing on a few key fundamentals. After all, you can’t keep anything secure if you don’t know it’s on your network.”