On July 21, 2014, Brian Krebs (once again) broke the news of a potentially major retail breach. Goodwill Industries and its 165 independent agencies across North America appear to be the most recent victims in the seemingly plagued retail industry.
The news is reminiscent of the events back in January of this year, when details of Target’s data breach were emerging along with reports of breaches at other retailers. At the time, BitSight raised the concern that the Target breach was likely a harbinger of more breach announcements to follow.
Since then, BitSight has continued to observe evidence of system compromise inside hundreds of retailers over the course of the year. Based on our data and analysis, we observed that there were many retailers with poor performance and that this downward trend has continued into the second half of 2014, as the chart below depicts.
While consumers wait for details to emerge around this latest incident, we thought it would be a good moment to reflect back on some of the major retail breaches we’ve seen this year.
January
February
March
April
May
June
July
This list is certainly sobering but by no means comprehensive. It only includes some of the highest-profile reported incidents so far this year. There are likely many more breaches that have not and will not be reported.
The data here compels us to reiterate today what was expressed back in January: the evidence strongly suggests that the organizations in the list above are not alone, and it does not bode well for the rest of the year.
So what can retailers and others do to strengthen their security posture? What this trend in retail highlights is the importance of industry and peer benchmarking. When organizations focus on measuring their performance, they gain insight into changes in their posture, and can better understand what actions are helping to improve their ratings. Benchmarking against well-performing industries and comparing security practices can help set strategy and herald the adoption of new standards.
For example, as we’ve shown in past analysis, financial services organizations sit at the top for a reason. They’ve adopted continuous monitoring, respond to and recover quickly from emerging threats, conduct regular risk assessments and, most importantly, have made cyber security an executive and board-level issue. As retailers begin to adopt more of these measures and follow the best practices of top-performing peers, we will likely see the number of breach incidents decline.