By Daniel Hunter
A worrying number of British retailers are not 'cyber-safe' during the busiest shopping period of the year, according to computer security firm Sophos.
The research found that 72% of UK retailers have worrying gaps in their cyber-security and data protection. It revealed that there is a significant gap between the perceived level of security held by UK retailers, and the level of security that is physically in place at retail establishments across the nation.
Sophos said that despite being aware of the increasing risks associated with cyber security and the implications a breach can have on both consumers and their own brand, retailers aren’t imposing the correct level of IT security or ensuring sufficient training is in place for sales staff to help stop credit card fraud and the theft of sensitive customer information, such as bank details and email addresses.
James Lyne, Global Head of Research, Sophos, said: “We’re now in the midst of the busiest time of the year for the retailers, so shops must ensure they have appropriate measures in place to prevent cyber crime. As recent data breaches show, it is critical that retailers protect customer data both from exposure in the public domain and from being quietly used in the background. Cyber criminals have clearly demonstrated systematic compromise of such organisations, it is clear that they are high on their priority list.”
The research reveals significant overconfidence in the retail sector, with 87% of UK retailers confident that they have adequate security in place to protect customer data, and 86% confident that they are able to protect their general network from the malware used by hackers to steal business and customer data.
However, the research also indicates that while confidence among retailers is high, in reality the vast majority — 72% — have not implemented the fundamental security required to safeguard both business and customer data. The lack of basic encryption capabilities, designed to protect business and customer data at a very basic level, highlights a significant and worrying gap in the cyber security strategies of UK retailers.
The majority of retailers acknowledge that they rely primarily on barebones protection, such as firewalls (77%) and anti-virus (33%). The emphasis on perimeter protection like firewalls can be compared with closing the door of your house while leaving your windows open. And even those that rely on securing the perimeter do not defend their networks in depth, with only 31% indicating they have network protection beyond a firewall and only 2% having comprehensive unified threat management capability in place.
“In the lead up to Christmas, we can expect to see an increase in data breaches if retailers continue not taking the necessary steps to secure customer data,” said Mr Lyne.
“For an industry responsible for holding and safeguarding so much sensitive customer data, it’s worrying to see the level of overconfidence and lack of awareness surrounding cyber security. This needs to be rectified if we are to adequately protect UK consumers. What amazes me is how often the breaches are the result of incredibly simple failures of policy, training or technology and not the result of cyber criminals being particularly clever.”
“It won’t happen to me…” — The Ostrich Effect
The research reveals that the ‘Ostrich Effect’ is firmly in place as the UK retail sector continues to bury its head in the sand when it comes to cyber security.
In addition to the 72% that admit to not having basic cyber security capabilities, half of retailers also have no contingency plans in place to deal with a data breach if they do fall victim to malicious hacking.
Email Address & Credit Card Vulnerability
The research found that email addresses were the most common form of data to be stolen. Credit card details were the second most popular form of cyber theft across UK retailers.
- 23% of UK retailers that have been victims of data breaches in the past identified email addresses as the most common form of data to be stolen.
- 10% of UK retailers that have been victims of data breaches in the past admitted to losing customer bank/credit card details.
- 16% of UK retailers do not have a plan in place in the event of customer credit card fraud taking place.
- 34% of retailers did not have training in place to teach staff how to recognise credit card fraud.
- 56% of retailers in London did have practical on-the-job training for point of sale staff in recognising credit card fraud.
- Only 35% of retailers in the North provide practical on-the-job training for point of sale staff in recognising credit card fraud.