If a week is a long time in politics, then 24 hours is an absolute age in ecommerce security terms, which makes the findings of a Tripwire survey, published today, all the more worrying.
The survey, conducted by Atomic Research, questioned 102 financial organisations and 151 retail organisations that process card payments in the United Kingdom. It concluded that 35% of organisations take two or three days to detect a breach, with 44% admitting they could protect customer data better.
This gets more worrying when you realise that 24% had already been victims of a data breach which saw Personally Identifiable Information either stolen or accessed, and 36% of those asked said they didn't have confidence in their incident response plans. With only 51% being 'somewhat confident' that the security controls they have in place are capable of detecting malicious applications, you might think this would be a serious cause for concern for those organisations. Yet an incredibly high 40% of them simply refused to believe that all those recent, and very high-profile, cardholder breaches we have been reading about have changed the opinions of high-level executives when it comes to security strategy.
Tim Erlin, director of IT security and risk strategy for Tripwire, which sponsored the report, calls it shocking that there is such a high level of confidence exhibited by respondents. "60% of respondents said they are confident that their security controls are able to prevent the loss of data files," Erlin says, continuing, "but this confidence flies in the face of recent evidence to the contrary."