Happy Cyber Monday, the biggest online shopping day of the year. As shoppers seize the bargain buys and plug in their valuable payment card information, we hope they will take a step back and make sure they are practicing good cyber security hygiene. Retailers should also make sure they are doing their part to protect customers’ private information and other valued IT and data assets. The onus is on both parties to incorporate good cyber security hygiene into their everyday shopping and business practices, not just today, but year-round. After all, cyber threats don’t only present themselves on Cyber Monday. Cyber threats are persistent. A data breach or cyber-attack can happen any day of the year and therefore, retailers and consumers should always take steps to protect their valuable assets.
On that note, Bay Dynamics® is unveiling a new report that details cyber risks posed by permanent, temporary and contract employees within retail organizations. The “2016 Pre-Holiday Retail Cyber Risk Report,” the second annual retail risk report released by Bay Dynamics, is based on a survey asking IT and security professionals, who manage retail organizations’ cyber risk and security programs, about the kind of information to which their permanent, temporary and contractor employees are granted access, and what they have done with that information. Respondents were also asked about how much visibility they have into employees’ actions, how quickly they patch vulnerabilities, when they feel the most pressure to secure their organizations and more.
When we compared this year’s report to last year’s, we saw a positive shift in how retail organizations are approaching cyber security. For example, the majority of IT and security professionals (56 percent) say they do not feel more pressure to secure their organizations during the holidays, meaning cyber security has become a year-round commitment. That’s a shift from our finding in 2015 when a majority (66 percent) of IT and security professionals said they felt more pressure during the holidays to secure their organizations. IT and security professionals understand they can get hacked or suffer a data breach any day of the year. Therefore, they feel pressure to secure their organizations all the time, not just during the holidays.
Due to the continuous pressure, the report reveals IT and security professionals are patching vulnerabilities more quickly. Eighty four percent of respondents say they patch systems and applications in a week. About 60 percent say they patch within 48 hours of discovering the vulnerability. It seems that retail IT and security professionals are more on top of the ball.
Between 2015 and 2016, we saw a more than four-fold jump in the number of IT and security professionals who say their permanent employees accessed and/or sent sensitive data they should not have accessed or sent. We also saw a significant decrease (from 14 percent to five percent) in the number of IT and security professionals who say they are not sure if their permanent employees have accessed and/or sent sensitive data they should not have accessed or sent. The results indicate it’s no longer “eyes wide shut” when it comes to flagging policy violations. IT and security professionals have more visibility into what their employees are doing on the network and therefore can see when policies are violated.
These findings are only a slice of what the report reveals. Feel free to download the full report here to find out the top cyber risks facing retailers today, how well they are doing managing those risks and what they should be doing to minimize risk and protect their most valued assets.
To download the “2016 Pre-Holiday Retail Cyber Risk Report” go to: http://baydynamics.com/resources/2016-pre-holiday-cyber-risk-report/
To download the 2015 “Pre-Holiday Retail Risk Report” go to: https://baydynamics.com/resources/pre-holiday-retail-risk-report/