Posted on Dec 11, 2016
The holiday season is underway and retailers are feeling the boom of business. Unfortunately, hackers are just as happy as they have new victims to target, whether they’re retailers or consumers. Even worse, consumers are at risk via online attacks or in physical locations due to pervasive malware affecting POS systems and hackers lurking in retailer’s networks, ready to steal financial information.
In our 2016 Biggest Holiday Retailer Cybersecurity Report we analyzed the 48 biggest American retailers and discovered critical security flaws affecting most of the retailers that can lead to consumers succumbing to potential attacks.
However, it’s not all bad news for holiday shoppers. We compiled a list of our 10 best performing Biggest Holiday Retailers. These retailers have an overall A security rating and have high scores in at least 8 out of 10 security factors measured in the SecurityScorecard platform. The 10 critical security factors are: Application Security, Network Security, Cubit Score, Patching Cadence, DNS Health, IP Reputation, Hacker Chatter, Endpoint Security, Information Leak, and Social Engineering.
For the most part, retailers had issues with:
Brandsource is a collective of over 4,500 locally owned retailers across the country. As a collective, they combine the purchasing power of its members stores to keep prices low and offer Brandsource-specific credit cards that come with its own perks.
Commissaries.com, the online site for the Defense Commissary Agency (DeCA) represents the worldwide chain of commissaries serving US military personnel, active or retired, and their families at a subsidized cost.
Ace Hardware is a retailers’ cooperative with over 4,800 locations in 60 countries. According to the National Retail Federation, it has a 7% sales growth over from 2014 to 2015.
Sears is a well-known department chain and one of the oldest and largest retailers on our list.
Ross Stores is the second-largest off-price retailer in the US, with over 1,200 stores in 33 states.
Exchange is the retailer on the Army and Air Force installations, operating an e-commerce site, department stores, and convenience stores among others. Their presence is felt in over 2,500 facilities across 33 countries, every US state, and five U.S territories.
Walmart is the largest retailer on our list and the largest U.S company by revenue, with over 11,000 stores in 28 countries and with 2.2M employees. With over $300B in sales, Walmart needs to take into account a much larger volume of transactions, traffic, and security in both a physical and online space.
Burlington, or Burlington Coat Factory as it’s commonly known, is another off-price department store with over 540 store in 44 states.
TJ Maxx is a department store chain owning a number of branded retailers including HomeGoods, Marshalls, and Sierra Trading Post. With over 1,000 stores, nationally, TJ Maxx has made quite the mark since its founding in 1976.
Saks Fifth Ave is an American upscale department store owned by Hudson’s Bay Company, taking its name from its flagship store on Fifth Avenue in Manhattan. With only less than 200 locations, counting Saks OFF 5th, it has the smallest physical presence among the retailers on our list.
As you can see from the graph above, the top performing retailers have an overall A rating and have high grades in 8 out of 10 security factors. We see that Hacker Chatter, Password Exposure, and Social Engineering are the best-performing factors among the retailers. This is a good sign given that the three are strongly linked. If hackers are mentioning organizations, it’s likely that either their information has leaked or that hackers are planning an attack, potentially using sensitive information to initiate a social engineering attack.
Endpoint Security, Cubit Score, and IP Reputation are also high scoring factors for the Top Performing Biggest Holiday Retailers. This indicates that they are maintaining a network free of malware, that access to internal networks via devices are kept secure, and that administrative subdomains are not publicly visible, which can often contribute to sensitive information being leaked.
DNS Health and Network Security scores start to fall as we move beyond the 5th best retailers, which are indicators that assess network, domain, and email configurations. Network Security assesses an organization’s security issues such as SSL certificate security and open network ports. The DNS Health factor looks at SPF and domain configurations, which, if left insecure, could lead to impersonation attacks on consumers.
As we look beyond the top 10 performers, we also found distinct issue types that could conflict with PCI compliance. If security is your top concern, we recommend shopping at these Holiday Retailers first to ensure your financial information is kept secure.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.