AuctionsMar 21, 2023
Marlene Dietrich’s Van Cleef & Arpels Bracelet Going Up for AuctionExpected to earn up to $4.5 million, the “Jarretière” bracelet is the star of Christie’s “The Magnificent Jewels of Anne Eisenhower” sale.
SurveysAug 02, 2018
Report: US Retailers Are Top Targets for Data Breaches
According to the 2018 Thales Data Threat Report, U.S. retailers experienced twice as many IT security breaches than other retailers worldwide last year.
New York—A new report says that retailers in the United States are experiencing the most IT security breaches worldwide.
The retail edition of the 2018 Thales Data Threat Report based its findings on input from 100 senior retail IT security managers in the U.S. and 96 IT security managers from retailers in other countries to establish the state of IT security today.
It found that despite an increase in IT security spending—84 percent of U.S. retailers polled plan on upping their budgets this year, compared to 77 percent last year and 67 percent of international retailers this year—cyber-attackers are by and large staying one step ahead of companies.
Fifty percent of U.S. retailers surveyed said they experienced IT security breaches last year alone, compared to 19 percent in the 2017 report. Only 27 percent of global retailers, meanwhile, said they experienced a breach last year.
RELATED CONTENT: Saks, Lord & Taylor the Latest Hit by HackersSeventy-five percent of the respondents in the U.S. said they’ve experienced at least one breach, while 60 percent of global retailers said the same.
The retail industry, which is becoming increasingly digital, is a target for cyber attackers due to its high volume of credit card transactions. In fact, Thales says that overall, it’s the second most breached industry in the United States behind the federal government.
The results of the Thales study on IT security in retail mirror what the Jewelers Security Alliance found in its 2017 crime report. The JSA saw such a large uptick in cybercrime last year that for the first time ever, it broke the losses out separately.
The average dollar loss from cybercrime in the jewelry industry was $1.2 million last year, with JSA President John J. Kennedy calling it a “dangerous and growing crime trend.”
A Bad Investment
Despite the uptick in IT security budgets, the Thales report concluded that retailers are putting their money in places that even they recognize to be ineffective. what they themselves deem the most ineffective places.
Of available tools to battle security breaches, 91 percent of U.S. retailers said analysis and correlation tools are the most effective and 90 percent said data-in-motion— providing security for an e-mail in transit while it’s being sent, for example—is the second most effective weapon.
However, they indicated that their highest spending increases would go to endpoint/mobile defenses (77 percent), even though
they ranked this as the least effective security method. Only 57 percent of retailers plan to increase the budget for data-at rest (stored data) defense, and only 62 percent for data-in-motion defenses, despite these being more effective.
Where the Money Should Go
Thales asserts that tools like discovery/classification and encryption or tokenization are key to protecting against IT security breaches today.
Only 26 percent of U.S. retailers polled said they are implementing encryption in the cloud, compared with 30 percent of global retailers.
Fifty-two percent of U.S. respondents cited a lack of perceived need as the top reason for not devoting more resources to tools like encryption and tokenization, while 47 percent also cited impact on business performance and 46 percent were put off by its complexity.
In a past interview with National Jeweler, Kennedy offered a list of cybersecurity recommendations for jewelers specifically, some of which might involve hiring an IT firm.
They include: proper firewalls, up-to-date anti-virus software, the avoidance of “risky” internet sites and the training of staff on the types of mistakes that often let in hackers.
Staff need to be told, or reminded, not to open or click into unknown or suspicious emails, and to look carefully at emails from known parties for misspellings and other anomalies as emails addressed can be spoofed.
Thales said that retailers should “re-prioritize” their IT security toolsets, focusing on ones that offer service-based deployments, platforms and automation to reduce complexity while adding protection.
It also recommended that retailers go beyond national and international compliance measures and employ security tools like encryption and tokenization. Encryption needs to be applied to all platforms, not just desktop and laptop computers.
Specifically, Thales recommends encrypting the cloud, big data, data located within containers and IoT (interconnected devices with IP addresses).
It’s likely that compliance guidelines will one day mandate these practices, the report said, so retailers can benefit from getting a head start on them, hopefully avoiding data breaches in the process.
RELATED CONTENT: JSA: Smash-and-Grab Robberies, Cybercrime Up in 2017“Traditional endpoint and network security are no longer sufficient, particularly for heavy adopters of public cloud resources such as the U.S. retail sector,” the report said, especially with the expanding use of external cloud services like SaaS (software as a service), PaaS (platform as a service) and IaaS (infrastructure as a service).
Where the Money Should Go
Thales asserts that tools like discovery/classification and encryption or tokenization are key to protecting against IT security breaches today.
Only 26 percent of U.S. retailers polled said they are implementing encryption in the cloud, compared with 30 percent of global retailers.
Fifty-two percent of U.S. respondents cited a lack of perceived need as the top reason for not devoting more resources to tools like encryption and tokenization, while 47 percent also cited impact on business performance and 46 percent were put off by its complexity.
In a past interview with National Jeweler, Kennedy offered a list of cybersecurity recommendations for jewelers specifically, some of which might involve hiring an IT firm.
They include: proper firewalls, up-to-date anti-virus software, the avoidance of “risky” internet sites and the training of staff on the types of mistakes that often let in hackers.
Staff need to be told, or reminded, not to open or click into unknown or suspicious emails, and to look carefully at emails from known parties for misspellings and other anomalies as emails addressed can be spoofed.
Thales said that retailers should “re-prioritize” their IT security toolsets, focusing on ones that offer service-based deployments, platforms and automation to reduce complexity while adding protection.
It also recommended that retailers go beyond national and international compliance measures and employ security tools like encryption and tokenization. Encryption needs to be applied to all platforms, not just desktop and laptop computers.
Specifically, Thales recommends encrypting the cloud, big data, data located within containers and IoT (interconnected devices with IP addresses).
It’s likely that compliance guidelines will one day mandate these practices, the report said, so retailers can benefit from getting a head start on them, hopefully avoiding data breaches in the process.
More on Surveys
The Latest
ColumnistsMar 21, 2023
Squirrel Spotting: Customer Retention Mindset—The New CRM With jewelry sales coming down from their pandemic highs, retailers need to do all they can to retain existing customers, Peter Smith says.
Events & AwardsMar 21, 2023
ASJRA’s May Conference Examines ‘Iconic’ Jewelry CompaniesJewelry historians, authors, and experts will explore the works of Tiffany & Co., Oscar Heyman, Verdura, and more.
Brought to you by
Full Disclosure at Your FingertipsDistinguishing natural diamonds from laboratory-grown stones – now more available than ever – has been difficult for jewelers. Until now.
IndependentsMar 21, 2023
Borsheims Executive Jennifer Johnson RetiresJohnson joined the retailer in 1987, establishing its first human resources department.
Weekly QuizMar 17, 2023
This Week’s QuizTest your jewelry news knowledge with this short test.
Recorded WebinarsMar 20, 2023
Watch: Lab Grown Diamonds: What's Now? What's New? What's Next?Supplier Spotlight Presented by IGI
Events & AwardsMar 20, 2023
Gem Awards Shine Spotlight on Design, Dedication, and FamilyThe industry gathered to celebrate those who elevate the jewelry and watch industries.
Brought to you by
Bringing Over 130 Years of Diamond Expertise to Modern GradingDe Beers Institute of Diamonds provides the very best in diamond verification, education and diamond services.
CrimeMar 20, 2023
Jewelry Crime Reached Record Level in 2022, JSA SaysAt JSA’s annual luncheon, President John J. Kennedy said the organization recorded more than 2,000 cases last year.
CollectionsMar 20, 2023
A New Book on Chanel Is a High Jewelry Lover’s DreamIt highlights Gabrielle “Coco” Chanel’s lasting influence on modern design.
Recorded WebinarsMar 17, 2023
Watch: Lessons From GemsJewelers of America’s Amanda Gizzi explores the qualities and accomplishments that make this year’s Gem Award nominees shine.
Events & AwardsMar 17, 2023
JCK Industry Fund Announces Grant RecipientsHere’s what the nine chosen organizations plan to do with the funds.
TrendsMar 17, 2023
Piece of the Week: Anita Ko’s Award-Ready EarringsThe designer is nominated for a Gem Award for Jewelry Design.
FinancialsMar 16, 2023
Winter Weather, Declining Engagements Weigh on Signet’s Results The jewelry giant’s full-year sales were essentially flat, brought down by fourth-quarter declines.
FinancialsMar 16, 2023
Brilliant Earth Took a Record Number of Orders in 2022In its recent results, the company highlighted non-bridal jewelry sales and said its “inventory-light” showroom model may change.
Events & AwardsMar 16, 2023
Amanda’s Style File: Sparkling Gems See 15 fabulous pieces from the 2023 Gem Award for Jewelry Design nominees: Anita Ko, Kirsty Stone, and Ron Anderson and David Rees.
WatchesMar 16, 2023
Citizen’s New Eco-Drive Watches Run for a Full YearThe new Cal. E365 movement doubles the running time of the current Eco-Drive models.
SourcingMar 15, 2023
Amid Uncertainties, India’s Diamond Industry Continues to Adjust The mood among diamantaires is fairly optimistic despite the challenges brought about by sanctions and a cloudy economic outlook.
Lab-GrownMar 15, 2023
India’s Lab-Grown Diamond Industry Is Growing UpThe mood is bullish as more companies get into the business despite the dramatic drop in lab-grown diamond prices.
SourcingMar 15, 2023
Q&A: GJEPC Chairman Vipul ShahShah talks with National Jeweler about diamond demand, lab-grown, and why it’s difficult to make predictions about the U.S. market.
Policies & IssuesMar 15, 2023
When Diamonds Replenish the EarthHari Krishna Exports and the Dholakia Foundation’s “Mission 100 Sarovar” aims to create 100 lakes to help revive an area of Gujarat.
TechnologyMar 15, 2023
Sarine’s New Website Schools Consumers on TraceabilityThe educational resource will highlight the positive impact diamonds can make on their journey from mine to market.
SourcingMar 15, 2023
Canada’s Ekati Diamond Mine to Get a New OwnerAustralian mining company Burgundy Diamond Mines announced plans to buy the mine in a deal valued at $136 million.
AuctionsMar 15, 2023
Antique Rings Discovered by Retirees Perform Well at AuctionA 17th-century gold seal ring and an 18th-century memento mori ring met or exceeded estimates at a recent Noonans auction.
Events & AwardsMar 15, 2023
JSA Announces Award RecipientsThey will be recognized at the organization’s annual luncheon this weekend in New York City.
ColumnistsMar 14, 2023
On Data: How Did Independent Jewelers Do in January and February? Sherry Smith breaks down the results so far this year, including which categories are the sales standouts and which are struggling.
MajorsMar 14, 2023
Dutch Historian Discovers Medieval JewelsThe 1,000-year-old find is now on display in the Dutch National Museum of Antiquities.
