Posts Tagged: Stuart Reed

Online retailers must be transparent after a data breach, says NTT Security…

Jack Wynn

Online shoppers in the UK are demanding that retailers be honest and transparent about whether they have suffered a security breach, a survey commissioned by NTT Security has revealed.

When asked what retailers could do to help build consumer trust while shopping online, 80 per cent of the 500 survey respondents said they expect more transparency following a breach, as well as more secure payment options and for retailers to insist on strong passwords that are changed regularly.

In addition to worrying about the risk of paying online and identity fraud, the majority are also concerned about the privacy of personal information (63 per cent), a site being fake (63 per cent) and the risk of being sent ‘phishing emails’ that link to malware (60 per cent).

Stuart Reed, director at NTT Security, said: “The retail sector is among one of the most targeted industries for attacks and, with one of the busiest trading periods of the year now upon us, it makes sense that both consumers and retailers are diligent in terms of data security.

“While some shoppers are happy to continue using sites, even when they have been breached, they are also anxious for retailers to let customers know when they have been hacked. Consumers certainly seem to be growing in security awareness when online; more savvy, they are willing to take responsibility for their own security to some extent, but they are also more demanding of retailers and expect to see privacy and security policies displayed clearly on websites.”

However, only 18 per cent would permanently stop using a retailer’s website if a security breach was exposed and a third admit they would carry on using an online store but would upgrade their security.

More than 40 per cent believe retailers should publish their privacy policies to allow customers to see how data is being stored and managed, while a third (32 per cent) want stores to listen and respond to customer concerns via social media to help build consumer trust.


Industry Spotlight: How can we address the cyber security skills shortage?

Jack Wynn

Various industry research studies suggest that many businesses of all sizes are ill-equipped to address cyber security threats, leaving them vulnerable to hackers.

According to NTT Security’s Risk:Value 2016 report, while most decision makers admit they will be breached at some point, just half agree information security is ‘good practice’. This raises the question as to why businesses are holding back from minimising the effects of an impending breach. Some argue there is a lack of internal resource to keep up with the growing threats, indicating that it is no longer possible for many organisations to tackle all aspects of security in-house.

Organisations are left under-skilled and under-resourced in security terms, and this is evidenced by a recent cyber security talent report, which estimates there are 1m unfilled security jobs worldwide. This is unlikely to change in the near future and could get worse – with Frost & Sullivan predicting there will be 1.5m unfilled jobs by 2020.

According to the firm, security analyst tops the list of positions that are in most demand, with 46 per cent reporting a staffing deficiency at that position, followed by security auditor (32 per cent), forensic analyst (30 per cent) and incident handler (28 per cent).

Information security needs to be seen as a career choice, with greater awareness in schools and colleges globally in order to attract more people into the profession. Until then, companies need to think carefully about a future that relies on getting by with existing resources or outsourcing some or all of their security operations.

An organisation’s IT team will be grounded in IT fundamentals and daily business operations, so would be well placed to take on roles in cybersecurity. Security experts need a great mix of technical and soft skills, which are usually honed over many years. They need to know how to communicate effectively with non-IT colleagues and understand business processes, compliance and analytics. They also need to have a genuine interest in cybersecurity.

Training staff is a long-term investment, but technology products change faster than an organisation can train its team. A commitment to training and professional development is a strategic decision needing budget. There’s the cost of training, as well as the length of time it takes to train each person while keeping skills and certifications up-to-date. Plus, when people leave, you have to start the process over again.

Investing in internal resources therefore isn’t an option for a large number of organisations. Almost half of companies worldwide lacked in-house security skills, according to Frost & Sullivan’s 2015 (ISC)² Global Information Security Workforce Study, while a third plan to use managed and professional services to address these skills shortages.

Outsourcing some or all of an organisation’s security operations to a Managed Services Provider can alleviate the problem. A trusted provider will know how and where to find the right experts, invest in training and improving professional qualifications, and continuously monitor an organisation’s network round the clock. If companies find they don’t need to fully outsource their security operations, they can use an MSSP to fill specific gaps, such as incident response.

There’s no silver bullet in terms of training internal resources or hiring new resources, but there’s never been a more important time to address the skills gap.  

 

Words by Stuart Reed, senior director at NTT Security