If a week is a long time in politics, then 24 hours is an absolute age in ecommerce security terms. Which make the findings of a Tripwire survey, published today, all the more worrying.

The survey, conducted by Atomic Research, questioned 102 financial organizations and 151 retail organizations which process card payments in the United Kingdom. It has concluded that 35% of organisations takes two or three days to detect a breach, with 44% admitting they could protect customer data better.

This gets more worrying when you realise that 24% had already been victims of a data breach which saw Personally Identifiable Information either stolen or accessed, and 36% of those asked said they didn't have confidence in their incident response plans. With only 51% being 'somewhat confident' that the security controls they have in place are capable of detecting malicious applications you might think this would be a serious cause for concern for the organisations concerned. Yet an incredibly high 40% of them simply refused to believe that all those recent, and very high profile, card holder breaches we have been reading about have changed the opinions of high level executives when it comes to security strategy.

Tim Erlin, director of IT security and risk strategy for Tripwire which sponsored the report, calls it shocking that there is such a high level of confidence exhibited by respondents. "60% of respondents said they are confident that their security controls are able to prevent the loss of data files" Erlin says, continuing "but this confidence flies in the face of recent evidence to the contrary."

64 Views
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...