Retailers turn to crowdsourced security to protect their systems
As the holiday season approaches and there's a consequent spike in the amount of money spent online, retail cybersecurity comes under the spotlight.
Bugcrowd is releasing its State of Retail Cybersecurity report that explores the vulnerabilities found among retailers over the last year. Among the key findings is that crowdsourced security adoption increased by 137 percent year on year.
Bugcrowd retail programs also saw the second highest vulnerability submission rate in the third quarter of 2019. Of the submissions, nearly 20 percent are classified as critical (P1 or P2), paying out an average of nearly $1000 per submission.
Many eCommerce and retail organizations have a predominantly web-based and mobile app attack surface -- two targets that are objectively 'easier' for novice hackers to tackle when first starting out. With a lower barrier to entry, the retail industry sees a disproportionately high volume of submissions against these asset types versus other industries.
Hardware targets, on the other hand, tend to receive fewer submissions, but far outweigh other asset types in percentage of high-impact findings for this industry. Point-of-sale and other hardware remains an attack target, as legacy devices often lack designed-in security.
The report's authors conclude:
The retail industry is a varied and complex market, dependent on more socio-economic variables than many other industries combined. At the intersection of IoT, finance, manufacturing, and shipment/transportation, it straddles several volatile industries and is forced to juggle an equal number of unique security and compliance considerations. And yet, it grows.
To meet the evolving needs of customers connecting from ever-expanding global communities, retail businesses have looked to innovative solutions that can scale as quickly as their business, and fit seamlessly into their existing development lifecycles. Bugcrowd delivers seamless security coverage at scale, at a lower price per vulnerability than other static and outdated testing solutions.
The full report is available from the Bugcrowd site.