Retailers ‘Not Confident’ in Security of POS Devices
Tripwire study reveals retailers lag behind other industries on Internet of Things security
PORTLAND, Ore. — March 2, 2015 — Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, today announced the results of a study sponsored by Tripwire conducted by Atomic Research examining the impact of emerging enterprise security threats connected with the Internet of Things (IoT) in the retail industry. The study was conducted between July and September 2014 and compared the attitudes of 276 retail executives and IT professionals in the U.S. and U.K. with 431 respondents in the same roles in energy and finance industries.
The study revealed that only 18 percent of retail IT security professionals were concerned that point of sale devices were being targeted by cyber criminals, and only 20 percent were “confident” that point of sale devices were securely configured.
“It’s imperative that enterprises establish the ability to continuously monitor their network for unknown devices and applications, validate them against a trusted reference point, and quickly remediate weak or unsafe configurations,” said Dwayne Melancon, chief technology officer for Tripwire. “Standards, machine-to-machine learning and continuous security configuration management can significantly accelerate progress toward this goal.”
Key findings from the study included:
Thirty-four percent of retail executives were “not confident” all the devices on their networks were authorized. Just 18 percent of financial services respondents and 20 percent of energy sector respondents expressed the same doubts.
Thirty-six percent of retail executives were “not confident” that all the devices connected to their networks were running only authorized software. Only 25 percent of financial service respondents and 32 percent of energy respondents shared the same concern.
Only 25 percent of retail executives expected to receive additional budget to support the expanded security necessary to protect IoT devices. Fifty-nine percent of financial respondents and 52 percent of energy respondents expected to receive additional budget.
Over 45 percent of retail executives said they were “not concerned at all” about the security risks associated with IoT devices connected to their networks, while 35 percent of financial services respondents said they are “very concerned.”
“The results of this research reflect many of the challenges retail security teams face,” said Ken Westin, security and threat analyst for Tripwire. “One of the most positive findings is that retail organizations can dramatically improve security by focusing on a few key fundamentals. After all, you can’t keep anything secure if you don’t know it’s on your network.”
The study also revealed that 35 percent of retail IT professionals have inadequate visibility into the security of common devices already on their networks such as routers, switches, modems and firewalls, and 51 percent don’t believe they can effectively communicate the security risks associated with IoT devices to the C-suite and corporate board.
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.