Cyberattacks on retail sites continue to plague the industry. According to Zynstra, an enterprise-grade IT software provider, 16% of retailers said they experience a cyberattack or attempt every day, 11% said they respond to an attack two to three times per week and 64% said they deal with a cyberattack once a month. This averages out to retailers responding to cyberattacks twice a week.
The attacks on the grocery industry were found to be especially high, with 29% of respondents dealing with attempted breaches daily and 55% every week.
Fashion is another especially hard-hit area, with 49% of these retailers saying they respond to potential breaches once a week; 40% of department stores reported the same frequency.
IT departments are finding it difficult to keep up. More than half, 55%, of retailers said they apply security upgrades and patches across their branch network at least once a week, with 12% doing it every day and 77% only once a month. Also, 75% of retailers back up data across their branch network once a week and 46% do it daily.
Even with daily patching, only 33% of retailers are confident that their branch network is secure, 37% are concerned that backup data will not be restored fast enough in the event of an attack and 22% are worried that patches and upgrades are not applied in a timely manner.
“One can see from the plethora of attacks occurring over the past year that branch security is increasingly becoming a major priority for many retailers,” Zynstra CEO Nick East told FierceRetail. “Many of these attacks take advantage of organizations that have failed to keep their IT infrastructure up to date with the latest patches and updates—this is where the Zynstra intelligent automation is so key because these fixes are automated.”
The good news is that East said security systems are better now than they were a few years ago. He called the need for good security “an arms race,” and said that retailers need to invest consistently over a period of time.
“Those responsible retailers that do invest now have better and deeper defenses,” he said.
Some examples East gave of security upgrades happening in the retail industry include the transition from PCI-DSS version 2 to version 3, the arrival of point-to-point encryption (P2PE), and the empowerment of professional chief information security officers.
The biggest hurdle for retailers implementing upgraded technology is legacy.
“The inertia within a large distributed organization is very challenging to overcome. It’s not just cost. It’s a cliché but aside from the cost, the human effort in turning these organizations around to ensure each branch site has a secure IT infrastructure is enormous,” East said.
Moving forward, responsible retailers know they need to upgrade and keep up with changing technology. Those that don’t, East said, will get found by the hackers.
“The bad guys are efficient hunters as they no longer rely on humans to find the chink in defenses. And the cost of cleaning up from breaches continues to escalate as the regulatory environment gets ever uglier,” he concluded.