Retail Data Threats Seeping through Supply Chains

Dec. 11, 2013
An increase in data sharing throughout the supply chain accounts for the complexity of protecting sensitive data.

More sophisticated cyber intruders are bypassing the defenses of retail and consumer (R&C) organizations and accessing sensitive data. These attackers are increasingly coming through the supply chain, according to “The Global State of Information Security Survey 2014,” a new report from PricewaterhouseCoopers (pwc).  

R&C respondents report a 30% jump in detected incidents over the last year, however the number of respondents who do not know the frequency of incidents continues to climb—it’s now at 19%. The report’s authors cite the growing cost and complexity of responding to incidents. They state that average financial losses as a result of security incidents increased 46% last year.

The increase in data sharing throughout the supply chain accounts for the complexity of this problem. Most respondents attribute security incidents to everyday insiders like current employees (29%) or former employees (29%). However, this year, 15% of respondents cite current service providers, consultants, and contractors—a 69% jump over last year.

Thirty percent of survey respondents attribute security breaches made by outsiders to hackers, up 45% over last year. Another top source of incidents attributed to outsiders is competitors, cited by 16% of respondents.

To prepare for future threats, R&C respondents say they are considering implementing safeguards that include data loss prevention tools (54%), point-to-point encryption (51%), tokenization (32%), outsourced processing and storage (30%), and data masking (22%). Pwc also reports seeing an increased focus on securing the supply chain. This year, 33% of respondents say they plan to implement a secure supply chain management solution, while 31% say a secure supply chain solution is already in place.

The greatest obstacles to improving information security include ineffective leadership from the CEO, which was cited by 25% of respondents. Other top obstacles include limited understanding of how future business needs impact security and inadequate capital and operating budgets.