BitSight Technologies, the standard in Security Ratings, today released new research measuring the security performance of 300 major U.S. retailers from Nov. 1, 2013 to Nov. 1, 2014. The report reveals that retail is still under attack and that, consequently, the security effectiveness of retail organizations as a whole has continued to decline over the past year. However, almost 75 percent of retailers that experienced a data breach in the last year have improved their security effectiveness since the point of their breach, while a third of the breached retailers trace their breaches back to compromises via third-party vendors.
“While it’s encouraging that a majority of the breached retailers have improved their security effectiveness, there is more work to be done, especially in the area of vendor risk management,” said Stephen Boyer, co-founder and CTO of BitSight. “This trend in retail highlights the importance of proactive measures such as industry and peer benchmarking, as well as continuous monitoring of one’s supply chain. We are seeing retail take steps in the right direction, with the formation of the Retail Information Sharing and Analysis Center to increase intelligence sharing among retailers in the U.S., but more improvements are needed.”
The BitSight platform uses publicly available data to rate the security performance of an organization on a daily basis. Observed security events and configurations, such as communication with a botnet, malware distribution, and email server configuration, are assessed for severity, frequency and duration and used to generate objective Security Ratings. BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. BitSight uses a wide breadth of high-quality publicly available security data to calculate Security Ratings data on specific companies and industries.