Heading Into the Holidays, How Are Retailers Doing With Cybersecurity?
SecurityScorecard's annual 2017 Retail & E-Commerce Cybersecurity Report provides a comprehensive analysis of cybersecurity vulnerabilities across 1,924 companies from January 2017 through October 2017. As retailers prepare to focus on sales during the holiday season, merchants, major credit card issuers and others in the retail industry are failing to keep up with critical security processes and security controls needed to protect shoppers.
The report compared the retail industry with other major industries and examined the cybersecurity indicators of the best and worst performers. The good news is that the retail industry ranks 5th out of 17 other major U.S. industries, although it still showed major areas of concern.
On average, retailers score a D in network security and patching cadence and a C in application security, DNS health, and IP reputation. Of note, technology retailers and department stores scored the lowest compared to other types of stores, and 30 percent of the bottom cybersecurity performers in the retail industry were apparel retailers.
In addition, six of the top 10 credit card issuers scored a C or below in network security and DNS health.
"Retailers are a prime target for cybercriminals," said Sam Kassoumeh, co-founder and COO of SecurityScorecard. "Our analysis indicates that retailers continue to struggle with basic hygiene which leaves them vulnerable to attack. This includes both online and brick-and-mortar retailers.
"As we have seen with recent breaches, the lack of basic security controls and best practices can lead to a compromise of consumer data that can have a long-lasting impact on customers," Kassoumeh continued. "With the reliance on third parties, including cloud providers and payment processors, the potential for compromise has dramatically increased. The primary mechanism that retailers need to deploy is continuous monitoring of their vendors and within their own IT infrastructure."
The conclusions and rankings featured in the report are based on data derived from SecurityScorecard's patented security ratings platform.