Retail industry continues to struggle with cybersecurity
A new report from risk rating organization SecurityScorecard finds that the retail industry is the second-lowest performer in terms of application security.
SecurityScorecard continually monitors more than 200,000 businesses across the world and the report compares the average grade of the retail industry to other vertical markets.
Retail is particularly vulnerable to social engineering attacks, partly because the industry employs a higher proportion of younger, less experienced people. Interestingly, small business accounted for 43 percent of attacks, with 62 percent of those arising out of phishing and social engineering.
"This year the retail industry's security posture fell lower than in years past, both in application security and social engineering," says Fouad Khalil, head of compliance at SecurityScorecard. "To remain competitive, retailers are adopting new payment and digital technologies, exposing them as prime targets for cybercriminals. This report demonstrates the importance of understanding the full retail ecosystem and how the industry is faring when it comes to meeting standard compliance guidelines."
The report also shows a failure to comply with PCI DSS standards for protecting cardholder data. Over 90 percent of the domains analyzed had issues indicating the organization may have been non-compliant with PCI DSS standards in four or more requirements. Retail organizations struggle most with the requirement to 'Develop and maintain secure systems and applications' -- with 97.5 percent of the domains analyzed presenting at least one issue pointing to potential non-compliance.
You can read more about the findings in the full report, which is available from the SecurityScorecard website.