With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal with an attack?

In an effort to answer that question, Tripwire surveyed IT security professionals working in retail organizations about their experiences and attitudes towards factors affecting IT security. The results found that a large majority are not fully prepared for data breaches this holiday season.

Of the respondents, only 28 percent of respondents said they have a fully tested plan in place in the event of a security breach. Twenty-one percent said their organization doesn’t have a plan at all, and the same proportion of respondents said they didn’t have the means to notify customers of a data breach within 72 hours, a requirement specified by the General Data Protection Regulation (GDPR).

“Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s encouraging that most respondents think they can meet the 72-hour notification window as set out in the upcoming GDPR, but if they haven’t tested their plans, I don’t know how confident they should be in that assumption.”

Only a small minority of the retail industry felt fully secure in their incident response capabilities. Twenty-three percent of respondents said they were “fully prepared” to absorb potential financial penalties. Even fewer professionals (15 percent) said they were fully prepared (Read more...)