More sophisticated cyber intruders are bypassing the defenses of retail and consumer (R&C) organizations and accessing sensitive data. These attackers are increasingly coming through the supply chain, according to “The Global State of Information Security Survey 2014,” a new report from PricewaterhouseCoopers (pwc).
R&C respondents report a 30% jump in detected incidents over the last year, however the number of respondents who do not know the frequency of incidents continues to climb—it’s now at 19%. The report’s authors cite the growing cost and complexity of responding to incidents. They state that average financial losses as a result of security incidents increased 46% last year.
The increase in data sharing throughout the supply chain accounts for the complexity of this problem. Most respondents attribute security incidents to everyday insiders like current employees (29%) or former employees (29%). However, this year, 15% of respondents cite current service providers, consultants, and contractors—a 69% jump over last year.
Thirty percent of survey respondents attribute security breaches made by outsiders to hackers, up 45% over last year. Another top source of incidents attributed to outsiders is competitors, cited by 16% of respondents.
To prepare for future threats, R&C respondents say they are considering implementing safeguards that include data loss prevention tools (54%), point-to-point encryption (51%), tokenization (32%), outsourced processing and storage (30%), and data masking (22%). Pwc also reports seeing an increased focus on securing the supply chain. This year, 33% of respondents say they plan to implement a secure supply chain management solution, while 31% say a secure supply chain solution is already in place.
The greatest obstacles to improving information security include ineffective leadership from the CEO, which was cited by 25% of respondents. Other top obstacles include limited understanding of how future business needs impact security and inadequate capital and operating budgets.
