New Cyber Risk Report Discloses Gaping Holes in Retailers' Information Security

Bay Dynamics "Pre-Holiday Retail Risk Report" Reveals Retailers are Unaware of Sensitive Data Leaks


SAN FRANCISCO, CA--(Marketwired - December 08, 2015) - In the midst of the holiday shopping season, Bay Dynamics® released a new report today that uncovers major security pitfalls among retail businesses. The report, titled "The Pre-Holiday Retail Risk Report," reveals a significant amount of retailers assign the same login credentials to employees and do not know if employees have leaked sensitive data -- in spite of the majority claiming full confidence that their sensitive information is sufficiently protected.

"As our report shows, retailers have a false sense of confidence when it comes to securing their sensitive information. They think they are doing a great job when in reality, there are gaping holes," said Ryan Stolte, Co-founder and Chief Technology Officer at Bay Dynamics. "For example, many retailers claim they know everything their employees are doing on their networks yet a significant amount assign shared accounts meaning they have limited visibility into what their individual employees are actually doing on the inside."

The report is based on a survey conducted in November 2015 by the third party research company, Osterman Research Inc., asking IT decision makers -- IT Managers, CISOs, CIOs, etc. -- within 125 retail organizations about the cybersecurity risks employees, both temporary and permanent, pose to their organizations. All of the respondents work in enterprise retail organizations with at least 2,000 employees and are based in the United States.

Highlights from the report include:

  • Employees are using shared accounts: While a majority or half (62% and 50% respectively) of respondents said they know everything their permanent and temporary employees are doing on their corporate systems, 21% said permanent retail floor workers and 61% said temporary floor workers do not have unique login credentials for corporate systems.
  • Access unknown: 37% of respondents said they cannot identify which systems their temporary employees have accessed.
  • Do not know if sensitive data is being leaked: More than a quarter of respondents said they don't know if their temporary employees have ever accessed and/or sent data they should not have accessed or sent.
  • Acknowledge all employees pose a security risk: Almost half (47%) of respondents said temporary workers are somewhat risky to their organization and more than a third view them as a high risk. The majority (66%) also view permanent workers as somewhat risky.
  • False sense of confidence: In spite of the data listed above, on a scale of 1 to 7, with 7 being the most proactive, the majority of retailers (80% or higher) gave themselves a 6 or higher when it comes to identifying critical assets that must be protected, detecting theft or data leakage, and controlling employee access to critical assets.

"Retail organizations, especially during the holiday season, continue to promote a culture that focuses on keeping the lights on," said Michael Osterman, Principal Analyst at Osterman Research Inc. "Security is overlooked and that needs to change. Criminals will do whatever it takes to get inside whether that's landing a job as a temporary employee during the holiday season or exploiting an employee from afar. To thwart their efforts, retailers need full visibility into what employees are doing on their network or otherwise risk getting breached."

To help retailers minimize their cyber risk, Bay Dynamics recommends retailers take an inside-out approach to security. That includes focusing on how their insiders -- employees and third party vendor users -- are behaving daily so that if a user isn't acting like himself or is exhibiting risky behavior, the retailer can identify, address and remediate it.

To download "The Pre-Holiday Retail Risk Report" go to: http://baydynamics.com/resources/pre-holiday-retail-risk-report/

About Bay Dynamics

Bay Dynamics® is the market leader in predicting and stopping cyber-attacks before they happen. The company specializes in cyber risk predictive analytics, identifying behaviors of company insiders, third party contractors and outsiders that may lead to an attack. The company's purpose-built Risk Fabric® platform assembles and correlates relevant data from existing tools in a novel patented way to provide actionable cyber risk insights, before it's too late. Bay Dynamics enables some of the world's largest organizations to understand the state of their cybersecurity posture, including contextual awareness of what their insiders, vendors and bad actors are doing, which is key to effective cyber risk management. For more information, please visit www.baydynamics.com.

Follow Bay Dynamics on Twitter at www.twitter.com/BAYDYNAMICS, on LinkedIn at www.linkedin.com/company/bay-dynamics/, and on Facebook at www.facebook.com/bay.dynamics.

Bay Dynamics and Risk Fabric are registered trademarks of Bay Dynamics, Inc. Vendor Risk Assurance is a trademark of Bay Dynamics, Inc. Other trademarks mentioned are the property of their respective owners.

Contact Information:

Media contact:
Abby Ross
abby.ross@baydynamics.com
312-443-2460