Security threats and the retail industry

Only 18 percent of retail IT security professionals are concerned that point of sale devices are being targeted by cyber criminals, and only 20 percent are “confident” that point of sale devices are securely configured, according to Tripwire.

“It’s imperative that enterprises establish the ability to continuously monitor their network for unknown devices and applications, validate them against a trusted reference point, and quickly remediate weak or unsafe configurations,” said Dwayne Melancon, CTO for Tripwire. “Standards, machine-to-machine learning and continuous security configuration management can significantly accelerate progress toward this goal.”

Key findings from the study included:

  • Thirty-four percent of retail executives were “not confident” all the devices on their networks were authorized. Just 18 percent of financial services respondents and 20 percent of energy sector respondents expressed the same doubts.
  • Thirty-six percent of retail executives were “not confident” that all the devices connected to their networks were running only authorized software. Only 25 percent of financial services respondents and 32 percent of energy respondents shared the same concern.
  • Only 25 percent of retail executives expected to receive additional budget to support the expanded security necessary to protect IoT devices. Fifty-nine percent of financial respondents and 52 percent of energy respondents expected to receive additional budget.
  • Over 45 percent of retail executives said they were “not concerned at all” about the security risks associated with IoT devices connected to their networks, while 35 percent of financial services respondents said they are “very concerned.”

“The results of this research reflect many of the challenges retail security teams face,” said Ken Westin, security and threat analyst for Tripwire. “One of the most positive findings is that retail organizations can dramatically improve security by focusing on a few key fundamentals. After all, you can’t keep anything secure if you don’t know it’s on your network.”

The study also revealed that 35 percent of retail IT professionals have inadequate visibility into the security of common devices already on their networks such as routers, switches, modems and firewalls, and 51 percent don’t believe they can effectively communicate the security risks associated with IoT devices to the C-suite and corporate board.

The study was conducted by Atomic Research between July and September 2014 and compared the attitudes of 276 retail executives and IT professionals in the U.S. and U.K. with 431 respondents in the same roles in the energy and finance industries.

