The latest retail security ratings from BitSight show signs that retailers are still under attack — but that those who have survived came out significantly more secure.
In research that monitored US retailers from Nov. 1, 2013 to Nov. 1, 2014, BitSight found that although the industry is still very much a hack target, 75 percent of retailers hit with a breach managed to improve their security effectiveness. A third of retailers attribute their breaches to compromises linked back to third-party vendors.
"While it’s encouraging that a majority of the breached retailers have improved their security effectiveness, there is more work to be done, especially in the area of vendor risk management," said Stephen Boyer, co-founder and CTO of BitSight, in a statement. "This trend in retail highlights the importance of proactive measures such as industry and peer benchmarking, as well as continuous monitoring of one's supply chain."
BitSight says that nearly a third of all retail breaches began with a compromise at a third-party vendor, because retailers share sensitive data with hundreds to thousands of business partners globally. And although organizations can take steps to secure their own networks, many wind up ignoring the risks tied to third parties.
Additionally, BitSight found that the retail industry encountered an increase in infections in every threat indicator it monitors. Malware distribution saw the largest increase, followed by botnet infections. As for the prevalent malware strains, BitSight says it detected an abundance of Maazben, ZeroAccess, Zeus, Viknok, Conficker and Cutwail.