Tripwire, a provider of security and compliance solutions for enterprises and industrial organizations, announced Thursday (Nov. 3) a new study that shows retail IT professionals were overconfident in their ability to collect data needed to identify and stop a cyberattack.
In a press release, Tripwire said the study, conducted by Dimensional Research, evaluated the confidence of IT professionals regarding seven key security controls that need to be in place to quickly detect a cyberattack in progress. Study respondents included 763 IT professionals from various industries, including 100 participants from the retail sector.
According to the study, 71 percent of retail respondents said they think they could detect configuration changes to devices on their organization’s network within hours, yet only 51 percent knew exactly how long the process would actually take. Tripwire pointed to Verizon’s 2016 Data Breach Investigations Report, which found 99 percent of successful system compromises occurred within hours and took 79 percent of retailers weeks or longer to discover that a breach had occurred.
“The increased scrutiny of retail cybersecurity in the wake of major breaches has forced organizations to focus on securing their environments, yet these survey results show that there’s still a lot of room for improvement,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire, in the press release.
The study also found that 84 percent of survey respondents said they could isolate and remove unauthorized devices on their networks within hours, despite the fact that only 51 percent knew exactly how long that would take. What’s more, only 43 percent of the respondents knew how long it would take for their vulnerability scanning systems to generate an alert if an unauthorized device was detected on their networks.