New York: Retailers spend 4 per cent of their technology budgets on security, compared with 5.5 per cent for banks and 5.6 per cent for health care companies, according to technology research firm Gartner.
Security experts urged retailers to set up a non-competitive “collaboration space” where they can virtually meet to share best practices and real-time alerts about data breaches as their peers in telecom, financial services, utilities, transportation and energy have done.
There are currently more than a dozen non-profit groups known as Information Sharing and Analysis Centres, or ISACs, that share real-time information about cyber threats and other emerging security risks.
“Having the tools and technology isn’t enough in this day and age,” Michael Kingston, Neiman’s chief information officer, acknowledged while testifying before the US Congress. “It’s often how you deploy these technologies and what else are you doing, which goes back to make sure we’re sharing intelligence as much as we can.”
“Retail has small margins and wants to keep prices low, and so they have been slow to improve their systems,” retail industry IT consultant Cathy Hotka said. But the imperative to do so is even greater given how much bolder and more skilled hackers have become, she added.
Tom Litchford, vice-president of retail technologies at the trade group National Retail Federation, said merchants have made “significant” investments to classify and encrypt data and to train software developers and other staff.
But data show that retailers have traditionally spent proportionately less on security than other leading industries. “They don’t spend enough on isolating their payment card processing environment from the rest of their store networks and the public internet,” Gartner analyst Avivah Litan said. “This leaves their cardholder data environment open to security holes that the criminals punch through.”