Are Retail IT Professionals Really As Prepared As They Think for Security Breaches?

by Brad Garland

Protecting company records as well as private and confidential customer information is a top priority for many businesses. After all, just one security breach can devastate large companies and possibly destroy smaller businesses. Comprehensive IT security is especially important for those organizations in the retail industry.

According to a recent study, retail organizations are three times more likely to face security attacks than those organizations in the financial sector. In fact, the retail industry faces more attacks per number of clients than any other industry. These facts make it crucial for IT professionals to be prepared to identify and prevent all types of retail security breaches — but are today's retail IT professionals really prepared to meet these ever-growing security threats? 


Retail IT Professionals Are Very Confident in Their Abilities

If you ask retail IT professionals, they seem to think they are as prepared as possible for security risks. According to a survey conducted by Tripwire, 90 percent of retail IT professionals feel confident that they could detect a security breach within a one-week time span. This confidence level is up 20 percent from a similar survey completed in 2014, which should make you feel pretty good about these IT professionals' ability to meet the current security demands of the retail industry.

Unfortunately, the actual retail security results don't quite match this high level of confidence. Security breaches in the retail industry more than doubled from 2014 to 2016. This doesn’t seem to add up. If confidence among IT professionals is increasing, you would expect to see the actual number of security breaches decreasing — not increasing.

What's Going On?

Such a significant increase in the number of security breaches reveals that retail IT professionals are not meeting expectations, even their own expectations. This may be a sign of overconfidence, which could ultimately put the retail industry at an even higher risk for security threats. Tripwire's retail cyber security survey found that 59 percent of IT professionals admit they have only partially or marginally integrated effective breach detection technology, such as antivirus software, malware detection, intrusion detection, file integrity monitoring and whitelisting, into their security structure.

Keep in mind that many of these IT professionals also felt confident in their ability to detect a security breach. Yet, they have failed to integrate many of the most effective security products into their strategic plans. Could these retail IT professionals be so overconfident that they are putting the company data they are trying to protect at risk? When you consider that 90 percent of large organizations and 74 percent of smaller firms faced some type of cyberattack in the previous year, it seems obvious that retail IT professionals aren't as prepared as they think they are for security breaches.

How to Provide the Right Level of Protection

The good news is that your retail organization can take several steps today to improve overall security and ensure that its IT department is prepared.

1. Proactive Approach

The last thing you want to do is to wait for a security breach to happen before making the decision to take action. Retail organizations must be proactive by taking an in-depth approach to security. This requires developing a comprehensive security plan that may include creating a set of IT policies, designing a disaster recovery program and implementing a compliance risk management plan, among other things.


2. Implement Security Tools

Security breach detection products are powerful tools to help fight security risks. Identifying which products work best for your company's security strategy is a great first step, but to solidify your network's security, you must take the next step and actually implement these tools. In addition, you must evaluate the use of these tools on a periodic basis to ensure they are still providing the full protection your organization demands.


3. Third-Party Assessment

One of the best things your company can do is bring in third-party information security consultants to perform a network assessment for your organization. These consultants will assess your network's cyber security in their own environment, which allows them to identify potential security deficiencies or areas that do not meet best practice standards. IT consultants can also provide professional advice about what steps your company should take to improve its overall security.

Don't let overconfidence be the downfall of your organization's retail security. Instead, be proactive by developing and actually implementing a comprehensive security plan. In addition, hire professional information security consultants to perform an independent risk assessment of your current network on a regular basis. This combination ensures you not only think you're prepared, but really are prepared no matter what threat your organization faces in the future. It should also be noted that failure to implement risk-based security controls and best practices also increases your business's risk level to other entities that you do business with. It could be as simple as those entities being regulated and required to work with secure businesses, ultimately causing higher operational costs, fees, or even loss of or inability to conduct business due to their requirements.

With more than 30 years of IT experience, Garland Heart specializes in providing comprehensive security reviews for all types of organizations, including those in the retail sector. Contact us today. Our security experts can help your organization identify potential security threats you may have missed as well as work with you to create a strategic plan to protect your organization from these threats.