Retail Data Breaches Up Nearly 50% From 2017

It’s not great news for online shoppers and retail in general. A new “2018 Thales Data Threat Report, Retail Edition” sheds light on the retail industry and the security risks they face. According to the report, 72% of U.S. retailers experienced a data breach, compared to 52% last year – that’s more than the global breach average. That increase puts U.S. retail in second place for sheer number of data breaches – just behind first-place U.S. government. Healthcare and the financial sector are third and fourth place respectively. As retail consumers, these breaches become threats to our data security as well.

A constantly changing threat landscape is a big part of the issue. Retailers find themselves playing catch-up with security, trying to avoid past breaches from repeating, and adequately protecting new threats just around the corner. Eighty four percent of respondents in this report claim they plan to increase IT security. That’s great news, but what do U.S. consumers do in the meantime? Educating yourself on the latest hacks and trends and implementing common sense cybersecurity practices at home and at work is the best answer so far.

One of the largest increases in retail data theft is cloud-based security. The report finds that although US retailers are using their cloud for sensitive data, only 26% use encryption – less than the global average. For retailers using cloud security, properly configuring that protection is a huge problem. Fortunately, 49% of retailers in the study rank cloud security as the priority for IT security spending. That’s good news, but in the meantime, much of that cloud security is poorly configured and ineffective. There have been many recent examples of misconfigured AWS servers, for instance.

There’s no shortage of hacks in the news from misconfigured cloud security. The Yahoo data breach exposed 3 billion accounts, Amazon Web Services breach exposed data from Verizon and Dow Jones, and sensitive voter information from robo-calling company, RoboCent – the list goes on. According to the 2018 IBM X-Force Threat Intelligence Index, employee errors led to a 424% increase in the number of records breach from misconfigured cloud servers in 2017.

Retail businesses need to assess their cloud-based security and take steps to insure it’s properly configured to provide the best consumer protection available to date. A report by Gartner “Cloud Strategy Leadership” looks into basic considerations for a company considering or improving cloud-based security configuration.

What do you want the cloud to accomplish, and what company gains do they provide?
Explore end goals and what type of cloud security makes sense toward those goals.
Decide what cloud services are best for your business and explore all options.
Perhaps the opinion of Gartner VP David Clearley, sums it up best “Organizations that do not have a high-level cloud strategy driven by their business strategy will significantly increase their risk of failure and wasted investment.” Enough said.

Stickley on Security
Published August 14, 2018