Tripwire Study: Retailers Overconfident in Endpoint Cyber Security Despite Point-of-Sale Threats

Industry leader evaluates confidence in seven key security controls required to detect cyber attacks on endpoints

PORTLAND, Ore.--()--Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of an extensive Tripwire study conducted by Dimensional Research. The study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 100 participants from the retail sector.

Despite unique attacks on their sector, retail IT professionals participating in Tripwire’s study were overconfident in their ability to quickly collect the data needed to identify and remediate a cyber attack. For example, seventy-one percent of the retail respondents believed they could detect configuration changes to endpoint devices on their organizations’ networks within hours. However, only fifty-one percent of the respondents knew exactly how long this process would take.

According to Verizon’s 2016 Data Breach Investigations Report (DBIR), ninety-nine percent of successful system compromises occurred within hours and it took seventy-nine percent of retailers weeks or longer to discover that a breach had occurred. It also found that eighty-nine percent of breaches impacting the retail sector either had a financial or espionage motive, and sixty-four percent of retail data breaches involved point-of-sale intrusions.

“The increased scrutiny of retail cyber security in the wake of major breaches has forced organizations to focus on securing their environments, yet these survey results show that there’s still a lot of room for improvement,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire.

Additional retail findings from the study included:

  • Eighty-four percent of the respondents said they could isolate and remove an unauthorized device on their networks within hours; however, only fifty-one percent know exactly how long this process would take.
  • Only forty-three percent of the respondents know exactly how long it would take for their vulnerability scanning systems to generate an alert if an unauthorized device was detected on their networks, but eighty-one percent believe it would happen within hours.
  • Fifty-one percent of the respondents believe their automated tools do not pick up all the necessary information, such as the locations and departments, needed to identify unauthorized configuration changes to endpoint devices.
  • Over one-third (thirty-six percent) of the respondents said less than 80 percent of patches succeed in a typical patch cycle.
  • Thirty-eight percent of the respondents reported that all detected vulnerabilities are not fixed within 15 to 30 days.

Erlin continued: “Retailers are well aware of the risks involved and need to remain focused on implementing strong controls to limit malicious access to their environments.”

Tripwire’s study is based on seven key security controls required by a wide variety of compliance regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS Top 20 and IRS 1075. These controls also align with the United States Computer Emergency Readiness Team’s (US-CERT) recommendations and international guidance, such as the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions.

The recommendations and guidance include:

  • Accurate hardware inventory.
  • Accurate software inventory.
  • Continuous configuration management and hardening.
  • Comprehensive vulnerability management.
  • Patch management.
  • Log management.
  • Identity and access management.

When implemented across an organization, these controls deliver specific, actionable information necessary to defend against the most pervasive and dangerous cyber attacks. It is vital for organizations to identify indicators of compromise quickly so that appropriate action can be taken before any damage is done.

Additional Resources:

Infographic: Are Retail Sector IT Pros Overconfident in Data Breach Detection Skills?

Blog: Retail IT Security: Consider More Room for Improvement

Blog: 12 Top Talks from the 2016 Retail Cyber Intelligence Summit

About Tripwire

Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at, get security news, trends and insights at or follow us on Twitter @TripwireInc.


Eva Hanscom, 415-846-6822
Cindy Valladares, 503-784-8178

Release Summary

71% of retail IT professionals believed they could detect configuration changes to endpoint devices on their organizations’ networks within hours. But, 51% knew how long this process would take.


Eva Hanscom, 415-846-6822
Cindy Valladares, 503-784-8178