UK Retailers Clueless About Cybersecurity

UK retailers, you’ve all been misbehaving and should be placed on Santas naughty list this year.

According to a survey by Sophos, while 87 percent of retailers are confident that they have adequate security in place to protect customer data, 72 percent have failed to implement even the most fundamental of data security measures.

Here is a the whole list of statistics, which we’re sure some hackers are looking at while rubbing their hands and laughing maniacally:

• 87 per cent of UK retailers are confident that they have adequate cyber security in place to prevent malicious data breaches
• 72 per cent of UK retailers admit they have not implemented basic encryption security to safeguard business and consumer data
• 14 per cent of UK retailers admit to not having the expertise necessary to implement basic cyber security measures
• 40 per cent of UK retailers acknowledge they don’t know why they haven’t implemented basic cyber security measures
• Only 2 per cent have a comprehensive unified threat management capability in place
• 77 per cent rely only on perimeter-based protection such as firewalls and 33 per cent on anti-virus
• Only 67 per cent of those who have fallen victim in the past have plans in place to further secure their IT system in the future

Some of you may be thinking along these lines: if everyone is equally insecure, then obviously hackers are going to go for bigger companies than mine. I’m not even on their radar.

There are two problems with that line of thinking. The first being, hackers do not always operate with a specific target in mind. Often they are simply scanning for vulnerabilities, looking for companies with weak defenses. If they find your network has an open door into it, they’re going to walk through and take a closer look for any sensitive data that’s easy to steal.

Secondly, are you really willing to gamble on that chance you won’t get hacked? What we I told you that, in the UK, the average cost you’ll have to pay when hacked is about £100 per record stolen?

While the costs for building and maintaining a secure network aren’t pennies, they are a fraction of what you’ll have to foot out in the event you suffer a data breach. A small business suffering a data compromise probably can’t afford the £50,000 – 100,000 in costs and fines for a small amount of data loss, and would struggle to stay in business. Add that with the loss of reputation you’ll suffer if the public ever finds out, and it’s easy to see how a larger data breach can easily cripple or destroy a company entirely.

We’re not really surprised to hear that UK retailers are nowhere near as safe as they think they are, though- we’ve seen the exact same behavior through our many years working in the data security industry and dealing with a wide range of clients of all sizes.

Often times, a client will almost dare us to find sensitive data on their systems, confident that we’ll find nothing that a hacker would want to steal. Unfortunately, it always ends the same way- we find hoards of data on their systems, and the IT manager or business owner is at a loss to explain how or why the data is there in the first place.

Ground Labs’ software has found 100 million records of cardholder data such clients before (multiple times actually), and often these are clients who were previously declared themselves PCI compliant.

The point is, it’s very possible that you are storing large amounts of sensitive data that would be a goldmine for hackers to find. Hackers can install malware very quickly, with experts now seeing 50,000 servers becoming infected in just a matter of hours. If you have no way of detecting them, they can simply take their time to find the jackpot they’re looking for. Alternatively, their malware could reside on your servers undetected for months, waiting for something more interesting and valuable appear.

Data discovery tools help greatly in this respect, because they not only give you a detailed report on what sensitive data you’re storing and where the data can be found, but also allow you to remove or safeguard the data to prevent hackers from having anything to steal. (If you’re interested to find out more, check out groundlabs.com for more information on our data discovery solutions.)

Don’t be one of the many unfortunate companies who think they are secure but are actually far from it. Understand how safe you really are, and then start taking simple steps to increase your security level. Don’t wait to get hacked before taking data security seriously, because by then it’ll already be too late.