100 percent of holiday retailers vulnerable to cyber security issues
With more of us than ever doing our shopping online over the holiday period we want to feel that we can do so safely.
But a new report from security ratings company SecurityScorecard exposes cyber security vulnerabilities across 48 of the biggest US retailers.
The company studied the 48 largest retailers as indicated by the National Retail Federation. It finds that more than 50 percent may have failed to meet the Payment Card Industry’s Security Standards (PCISS). It also uncovered issues including malware infections, use of end-of-life products, weak network security and low security awareness among employees.
Overall, 100 percent of the biggest holiday retailers were found to have multiple issues with domain security, which increases the risk of hackers impersonating a retailer’s site and falsifying a checkout form to obtain a user’s credit card information. Over 90 percent are missing an SPF record, which increases the risk of an email spoofing attack reaching consumers, and nearly 80 percent may not be using intrusion detection or prevention systems to monitor all traffic within the cardholder data environment.
Other findings are that in October 2016, 83 percent had unpatched vulnerabilities and 62 percent were using end-of-life products in the last month, which makes them more susceptible to a number of attacks or exploits. Also, 43 percent of major retailers were infected with malware between April and June 2016.
"In my previous role as a Chief Information Security Officer with a large retailer, this time of year is always tough for security professionals. With more consumers, more transactional data, and more credit cards to steal, the holiday shopping season is an ideal time for a hacker to attack," says Sam Kassoumeh, Co-Founder and COO of SecurityScorecard. "Our analysis indicates the even the most secure retailers could be susceptible to a breach. Additionally, previously installed and dormant malware could be activated during this time of year to capitalize on a larger score. If a hacker decides to take action while organizations scramble to keep up with an uptick in sales activity, attacks are more likely to be successful".
You can see more details of the findings in the full report, which is available from the SecurityScorecard website.