Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Retailers take 197 Days on Average to Identify Security Breaches

A new report published by Arbor Networks and the Ponemon Institute explains how Financial Service and Retail Organizations tackle advanced threats. Regardless of the recent string of high-profile cyberattacks plaguing companies worldwide, the retail industry is still behind on cybersecurity standards, according to new reports published by Arbor Networks and the Ponemon Institute. Researchers disclosed it takes […]

Retailers take 197 Days on Average to Identify Security Breaches

A new report published by Arbor Networks and the Ponemon Institute explains how Financial Service and Retail Organizations tackle advanced threats.

Regardless of the recent string of high-profile cyberattacks plaguing companies worldwide, the retail industry is still behind on cybersecurity standards, according to new reports published by Arbor Networks and the Ponemon Institute.

Researchers disclosed it takes retailers on average, 197 days to identify if the company has been breached by a potential threat and took companies an additional 39 days to properly mitigate it. In addition, Arbor Networks released information on financial service organizations, reporting it took roughly 98 days to identify the breach and another 26 days to contain it.

financial services retail response

According to the firm, retailers often identify breaches due to “a gut feeling.” Further research identified 23 percent of breached retailers used forensic evidence, 21 percent used attack signatures,

while 16 percent had used threat intelligence that had been shared by industry experts. Though a vast majority of retailers, some 38 percent, said they simply had a gut feeling. The same survey in the finance industry revealed 34% identify breaches based on forensic evidence, 23% signatures, 25% public/known threats, with a staggering 20% stated the same gut feeling.

Reports also reveal retailers and finance industries spent roughly 22 percent of their security budget on “cyber kill chain activities,” where companies mitigate a threat before it occurs, ranging anywhere from nabbing the attackers first steps or just before their inevitable goal.

Retailers and financial industry experts shared the same fear in securing information, noting their companies lacked confidence in their ability to identify threats. Only 58 percent of financial organizations said their security teams had been effective at identifying and eradicating advanced threats. Retailers scored a similar number, with just over half being effective while the other half said their team was not.

“I think it’s one of the reasons you see them looking at more people-based” solutions, says Arabella Hallawell, vice president of corporate strategy at Arbor Networks.

Security experts believe companies are veering away from previous signature-based threat models and are moving to hire industry experts with vast knowledge in cybersecurity

. Though industry experts are in short supply, retailers on average have around 11 employees responding to security alerts,  while financial organizations have roughly 19 employees’.

As seen with recent breaches of massive retailers and financial organizations, it can take some companies, such as Target, only a few weeks to identify a security breach, where it could take numerous high-profile financial institutions over a year and a half to identify security breaches.

Security breaches pose an extreme threat to any industry, but retail and financial organizations are used by millions and have the largest public target on their back. Reports indicate that reliable security solutions are in high demand as the complexity of cyber attacks evolve.

About the Author Brandon Stosh

Information Security Researcher, Malware Analyst, Technical Writer and founder of FreedomHacker.

(Security Affairs –Arbor Networks, Retail)