Survey Reveals Inability to Track and Trace Data Access Among UK retailers

This article is brought to you by Retail Technology Review: Survey Reveals Inability to Track and Trace Data Access Among UK retailers.

Figures out today indicate that almost half (45 per cent) of medium to large retailers in the UK who handle credit card transactions are unable to track and trace who has been accessing data within the company network according to a survey carried out by research experts Vanson Bourne on behalf of LogLogic, the leader in log management integration.

Restrictions on budget (24 per cent), time (14 per cent) and other priorities (41 per cent) were cited as the reasons why concerned IT directors didn't have systems in place to track and trace data access.

Of the 55 per cent who are able to track and trace data access, only a quarter are able to identify and analyse potential security breaches within one hour. 31 per cent didn't know how long it would take to track and trace, while for 14 per cent of those questioned, it can take more than 8 hours, the equivalent of a working day.

Despite the launch in 2004 of the PCI Standard which is designed to protect card holder data, only 14 per cent of those questioned said that they had reached PCI compliance. Only 25 per cent of respondents said that senior management within their company viewed PCI as a valuable mandate with obvious benefits to the company and its customers.

In contrast, given the choice, 65 per cent of the IT directors surveyed said that, as a consumer, they would personally feel more re-assured purchasing from a retailer who was PCI compliant.

Compounding the situation further are the findings from an additional consumer survey from TNS - again commissioned by LogLogic - which found that 42 per cent of adults in the UK have taken data out of the workplace to work on at home - almost half of this (45 per cent) being classed as confidential. While only 14 per cent of those questioned said that they accessed data which was not directly related to their job, over one third of these said that they would change their behaviour if they knew that their IT movements were being monitored.

Commenting on the findings, Henning Ogberg, vice president, LogLogic EMEA, said: "These research findings are concerning. They come at a time where instances of identify theft and data loss are increasingly commandeering column inches across the media. As such, retailers need to reassure consumers that their personal and financial data is entirely safe and secure. It only takes a matter of seconds for a security breach to occur. But with so many companies unable to track or trace for data loss or theft, by the time any potential security risk has occurred, the damage will have been done, long before the company, and the consumer are even aware of a problem in the first place."

He continued: "Businesses should view log monitoring as the surveillance camera for their data and identity management as the locks on the door. It is critical that they protect and stand guard against threats and theft, just like they would their own homes."

Richard Edwards, Information Management Practice Director at Butler Group added: "We're not especially surprised by the findings of this survey. Indeed, the demands of exploding data growth and regulatory compliance, combined with regulations such as Sarbanes Oxley (SOX), Payment Card Industry Data Security Standards (PCI DSS), BASEL II, etc, are fueling the need for organisations to implement processes that ensure information especially financial information is managed in a transparent, consistent, and professional manner. In large organisations this task can consume a large amount of resources, and in smaller organisations it is often neglected altogether, and so Butler Group believes that an automated, managed solution is the only recourse for company wellbeing."