There's a huge gap between retailers' perceptions and reality when it comes to cyberattacks and preventing data breaches, according to a new study from Dimensional Research and Tripwire. When asked how quickly their organizations could detect a data breach of critical systems, 60% thought that the breach would be discovered within 72 hours. Only 20% expressed doubt that their organizations would be able to discover the breaches quickly.
The reality is dramatically different. Various studies have come up with different numbers, but all show that it takes far longer to detect serious cyberattacks than the retailers' three-day estimate. For example, a study conducted by Mandiant found that the average time to detect breaches was 229 days — or more than 76 times longer than the retailers' estimate. Another study, conducted by Verizon, found that it took weeks to detect most breaches committed at points of sale, and months to detect 43% of breaches online.
The retailers surveyed also displayed an unwarranted confidence in the effectiveness of their security measures to combat cybercrime. The Dimensional Research survey found that 82% were either very confident or somewhat confident that their security controls could detect rogue applications. High-profile data breaches, however, have put the retail world on notice. Almost 70% of survey respondents said they thought that highly publicized data breaches have increased the amount of attention that executives at their organizations pay to security.
Cybercriminals target retail businesses more often than any other type of organization. A study by Trustwave found that 35% of cyberattacks were aimed at retailers, highlighting the need for retailers to rethink their data security efforts. But cybercriminals can attack any organization that stores confidential or sensitive information electronically. Recently announced suspected breaches include the theft of medical records of 4.5 million patients and credit and debit card information of customers of two grocery store chains.
An organization's employees provide the first line of defense against costly and reputation-damaging data breaches.