Not if, but when you’ll be breached

alvaro-serrano-133380-unsplash.jpg

Not if, but when you’ll be breached

What organizations can learn from US retail data breaches

The results are in, and it’s not looking good for the retail industry. In the 2018 Thales Data Threat Report, senior retail IT security managers were surveyed to understand major trends in encryption and data security. The numbers tell a clear narrative: half (50%) of retailers report being breached in the past year, a number that has more than doubled from 19% in 2017. This means that the cybercrime regime is, yet again, one step ahead in the continuing game of tug-of-war. Why? As hackers continue to evolve in “tactics, sophistication, and motivation”, cyberdefense spending and deployment is few and far between. Let’s analyze this staggering data while considering the implications for all types of organizations.

 

Testing times

If the idea of 1 in every 2 U.S. retailers being breached in the past year was not shocking enough, consider the comparison to the international average (36%). 75% of U.S. retailers report being breached ever, and 26% have been compromised multiple times. This surge places retail second for American verticals that have experienced a breach in the past year, only slightly behind the federal government and ahead of healthcare and financial services.

However, what fuels the fire is that they are more likely to store sensitive data in technology environments, such as the cloud, big data, and internet of things (IoT). It’s no secret that “ultra-high volumes of personally identifiable information (PII) and payment card information” is exchanged in transactioning, painting U.S. retail as an easy target for opportunistic hackers.

 

Silver linings

Although the present-day picture is dark, the future looks promising. Among U.S. retail respondents, 84% say they will increase IT security spending in the upcoming year, a sizeable increase from last year (77%) and ahead of global retail (67%) as well.

But where is the money going? To this day, much of it has gone towards traditional endpoint and network security. This has proven ineffective and even counterintuitive, especially for heavy adopters of cloud technology. Most IT security professionals agree that discovery/classification, encryption, and tokenization are the best-in-class for protecting data in advanced technology environments. Yet, they are not putting their dollar behind data security due to a lack of perceived need (52%), impacts on business performance (47%), and perceptions of complexity (46%).

 

Dream teams

A similar tale can be told by almost any other data-rich institution. If you’re a treasurer or IT security professional, you’re well aware of how difficult it can be to receive organizational buy-in for data security, let alone implementing seamlessly without impacting business performance.

That’s where we come in.

First, we’ll leverage our signature assessment tool to understand your organization’s unique payment needs as we develop a comprehensive strategy that secures your data. Need help getting your teams on board? Reach out to us.

Next, we’ll work with your departments to create the most secure payment system possible and ensure that all of your third-party software is integrated, all while avoiding any interruptions. As experienced consultants, we demystify the process of selecting the best vendors and keeping a pulse on state-of-the-art technology.

Finally, as the team on your team, we’ll be there to provide award-winning support and cheer you on. After all, we share a common goal. Make payments secure, efficient, and cost-effective for everyone.

Sarah W