With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal with an attack?
In an effort to answer that question, Tripwire surveyed IT security professionals working in retail organisations about their experiences and attitudes towards factors affecting IT security. The results found that a large majority are not fully prepared for data breaches this holiday season.
Only 28% of respondents said they have a fully tested plan in place in the event of a security breach. 21% said their organisation doesn’t have a plan at all, and the same proportion of respondents said they didn’t have the means to notify customers of a data breach within 72 hours, a requirement specified by the General Data Protection Regulation (GDPR).
“Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s encouraging that most respondents think they can meet the 72-hour notification window as set out in the upcoming GDPR, but if they haven’t tested their plans, I don’t know how confident they should be in that assumption.”
Only a small minority of the retail industry felt fully secure in their incident response capabilities. 23% of respondents said they were “fully prepared” to absorb potential financial penalties. Even fewer professionals (15%) said they were fully prepared to manage customer and press communications following an incident.
Not all the survey’s findings were discouraging, however. The results did provide some hope that the industry is moving in the right direction. More than half of respondents (57%) said that their organisation’s ability to detect and respond to a security breach has improved in the past year and a half. With the holiday season in full swing, organisations should make sure they have proper security safeguards in place.
“It’s really critical that organisations have a good view of what’s on their network at all times, that they harden their systems with secure configuration and vulnerability management, and that they are able to continuously monitor for change and are alerted to any drift outside the established security and compliance policies,” said Erlin.
There are a number of effective and established security control frameworks available to guide organisations, such as the CIS Critical Security Controls. Implementing even the most basic security controls can go a long way in improving an organisation’s security posture.
The post Nearly three-quarters of retail orgs lack a breach response plan appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/
The GSMA announced that mobile operators deploying new Mobile IoT networks will be able to benefit from the European connected energy market estimated to be worth US$26 billion (€21.99 billion) by 2026. Data shared by analyst house Machina Research highlights the huge growth opportunity in the emerging connected energy market that could connect approximately 158 million new smart meters on LPWA networks across Europe. The total number of connections in Europe could be further increased if the 60 million cellular connections are also included with LPWA.
“The Internet of Things is fundamentally disrupting the smart utility market by providing ubiquitous connectivity and real-time, actionable data. Mobile IoT networks will take this further by offering energy providers a cost-effective solution to connect millions of smart meters,” said Alex Sinclair, chief technology officer, GSMA.
“There is a real sense of momentum behind the roll-out of Mobile IoT networks with multiple global launches, however, there is still a huge runway for growth. We encourage operators to act now to capitalise on this clear market opportunity and further accelerate the development of the IoT.”
The current connected energy market, which includes applications related to the generation and transportation of energy, microgeneration, smart grid and distribution monitoring and smart metering, is worth an estimated US$11.7 billion (€9.90 billion). The European connected energy market represents approximately 21% of all global revenues, with APAC claiming 54% and the Americas 21%.
The European Commission recently published a proposal indicating that approximately 200 million electricity smart meters and 45 million gas meters will be rolled out by 2020. The Commission also estimates that by 2020, approximately 72% of European customers will have a smart meter for electricity and about 40% for gas.
“In the coming years we will see an important change in the way natural gas networks operate. The need for more efficient operations, improved safety and better quality of service will be paramount and we can do this through the roll-out of smart gas metering systems. We are moving towards the digitalisation of gas networks, a transformation from “pipe-centric” systems to “data-centric” systems.
To make this happen, reliable communication means are a must and the arrival of NB-IoT and LTE-M represents an acceleration of this evolution. These new technologies offer everything necessary, such as long battery life, penetration and data security, as well as licensed spectrum,” commented Gianfranco De Feo, executive director, Shanghai Fiorentini Ltd.
Mobile IoT networks supporting growth of connected energy
Mobile IoT networks are designed to support mass-market IoT applications across a wide variety of use cases including connected energy solutions such as water and gas metering, smart grids, electricity and energy monitoring. They support IoT applications that are low-cost, use low data rates, require long battery lives and often operate in remote and hard-to-reach locations, making them ideal for the connected energy sector.
Mobile networks are already supporting the smart electric metering market, but now other sectors such as water and gas metering are turning their attention to the benefits of adopting NB-IoT and LTE-M networks due to low power and better […]
Read more here:: www.m2mnow.biz/feed/
IoT is having a profound effect on business. According to Jordan O’Connor, technical lead EMEA at SOTI, 57% of all global businesses have adopted IoT practices and 72% of those believe their company is more profitable since embracing IoT. With this large scalability, however, comes the potential for catastrophe. More connected devices bring new business challenges around […]
Read more here:: www.m2mnow.biz/feed/
BuildingIQ has partnered with the Springfield Land Corporation (SLC) to implement its cloud-based platform for creating IoT-enabled buildings at 6 Yoga Way, Springfield Central, which houses GE’s Queensland, Australia headquarters among other tenants. The 14,000-square meter, AU$72 million futuristic office, located in the central business district (CBD), boasts a stellar reputation for sustainability with a 6 […]
Read more here:: iot.do/feed
Why are people still such suckers for phishing? At a security event in New York this week, top law enforcement officials shared their concerns and, to my surprise, their biggest pre-occupation was plain old e-mail.
“The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing,” Homeland Security Secretary Jeh Johnson told the crowd, referring to malicious emails that appear to come from a credible source.
He has a point. The John Podesta email debacle began when the politico fell for a fake Gmail message, and those celeb-gate hacking victims likewise got tricked by phishing. So what can we do about it?
Education is one approach. Johnson says his agency sends emails to its own employees with suspicious links for goodies like “free Redskins tickets.” Those who click on the link receive instructions to show up to a spot to collect their tickets–where they instead receive a free lesson on cyber-hygiene.
And of course technology is another way to fight phishing. At the security event, Manhattan District Attorney Cyrus Vance announced that the non-profit Global Cyber Alliance had created a free tool to help organizations install DMARC software to detect fraudulent and spoofed messages.
“Phishing–mundane as it is–is the biggest threat we face and need to tackle,” said Vance, who added that, after terrorism, cyber-security is New York’s top priority.
Meanwhile, the phishing plague means security firms like Proofpoint are doing a roaring trade in helping companies navigate new twists such as “angler phishing” (yes, it’s named after Finding Nemo) that rely on contaminated social media links.
So readers, be careful what you click–though do click on some of the good stuff we have below to get up to date on the latest cyber news. (We’re light on fin-tech items this week but, in light of the Coinbase-IRS news, you bitcoin buyers are probably too busy fretting about an audit).
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Fortune reporter Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Get your head out of the iClouds. iPhone owners can lock down their device from outside eyes — even those at Apple. But iCloud has always been a different story. Those who enable it (i.e. most of you) put their data in an online warehouse that can be raided by the FBI and others. Now, it turns out this data also includes call logs and FaceTime meta-data. (Fortune)
This is Poison Tap. It’s about as sinister as the name suggests. A hacker famous for his low-cost exploits has built a $5 card-sized device that, when plugged into a computer’s USB port, can intercept all its unencrypted web traffic. It works even if the computer is locked with a password. (Ars Technica)
Cheap-o phones call China for free. There’s lots of reasons not to rely on $50 Android phones, but here’s one more: researchers found many of the devices sold in the US come with a built-in backdoor that transmits your text messages to China every 72 hours. (New York Times)
Name – and shame! – that device: IT Security firm Zscaler helpfully scanned IoT devices in use by its enterprise customers and said which ones are insecure. So take a bow, Chromecast and Roku, you’re all good. Wish we could say as much for these popular makers of printers, TVs, DVRs and security cameras. (Zscaler blog)
Give me the good (and bad) news. Well, you can be glad DDoS attacks are not on the rise. What a shame, then, that they’re increasing in severity. A new Akamai report cites a record number of “mega attacks” in the last quarter, powered in part by the Mirai botnet. (Fortune)
Oh, and if there are any Edward Snowden haters out there, this expletive-bomb headline will make your day.
Robert and I got an exclusive tour of New York City’s brand new cyber-crime lab, where we saw forensic detectives crack phones and catch crooks.
Fortune got a glimpse of Law & Order in the digital age. The lab is Exhibit A in how America’s biggest city is embracing big data analytics and a dash of hacker culture to solve complex crimes …
Visitors turn their attention to the spectacular array of electronics contained within. Circuit boards, hard drives, wires, soldering irons, and phones of every make and model are strewn about eight workstations.
Read more on Fortune.com
Prediction: The Internet Will Get Shut Down Many More Times in 2017 by Robert Hackett
Ethereum Survives Hack But It’s Still Behind Bitcoin by Jeff John Roberts
Intel Wants to Make a Full Court Press on Artificial Intelligence by Jonathan Vanian
Can You Crash an Autonomous Car Ethically? by Andrew Nusca
ONE MORE THING
Wikileaks wigs out and so does the cat. The world of Wikileaks and Julian Assange is a screwy, squirrelly place at the best of times. But lately the wiki-geeks are wigging out over alleged oddities in the hash system that forms part of a “dead man switch” for Assange. Oh and his cat is now wearing a tie, really. (New York mag)
Read more here:: fortune.com/tech/feed/