A new survey from Tripwire showed that while data breaches largely go undiscovered for a long period of time, retail firms are overly confident in their ability to detect breaches.
The survey, which evaluated the attitudes of 154 retailers across a number of cybersecurity topics, found that 42 percent of retailers expected to detect a data breach within 48 hours, while 18 percent said it would take 72 hours and 11 percent said it would take a week.
Industry research, however, suggests that detecting data breaches may be more difficult than retailers expect, with many breaches taking weeks, months or longer to discover. A 2014 report from Mandiant indicated that the average time to detect a breach was 229 days.
“I always say that trust is not a control, and hope is not a strategy,” Tripwire CTO Dwayne Melancon said. “Unfortunately, this data suggests that a lot of retailers are far too hopeful about their own cybersecurity capabilities. Despite ample historical evidence that most breaches go undiscovered for months, there is clearly a significant disconnect between perception and reality, even though the repercussions for failing to meet the required level of rigor around cybersecurity have led to the recent removal of retail executives and board members.”
Last year, a number of retailers, including Target and craft chain Michaels, were hit by cyberattacks that compromised the data of millions of customers.
Melancon said the events have contributed to higher-level conversations about the importance of information security in the retail industry.
“This is a prime opportunity for retail information security executives to educate their nontechnical peers, advocate for resources and make substantive progress toward better information security,” Melancon said.