Posted 06 Dec 2016
NEW YORK, Dec. 6, 2016 /PRNewswire/ -- All retailers should take extra security precautions during this holiday season. SecurityScorecard, the leader in security ratings, has found hackers have more opportunities than ever to infiltrate retailer networks. Today the company released its 2016 Biggest Holiday Retailers Cybersecurity Report - a comprehensive analysis exposing frightening cybersecurity vulnerabilities across 48 of the biggest U.S. retailers. As sales continue to shatter records, major retailers are failing to keep up with critical processes needed to protect shoppers from being compromised.
SecurityScorecard studied the 48 largest retailers as indicated by the National Retail Federation. More than 50 percent may have failed to meet the Payment Card Industry's Data Security Standards. Issues discovered include malware infections, use of end-of-life products, weak network security and low security awareness among employees.
"In my previous role as a Chief Information Security Officer with a large retailer, this time of year is always tough for security professionals. With more consumers, more transactional data, and more credit cards to steal, the holiday shopping season is an ideal time for a hacker to attack," said Sam Kassoumeh, Co-Founder and COO of SecurityScorecard. "Our analysis indicates that even the most secure retailers could be susceptible to a breach. Additionally, previously installed and dormant malware could be activated during this time of year to capitalize on a larger score. If a hacker decides to take action while organizations scramble to keep up with an uptick in sales activity, attacks are more likely to be successful."
Among the report's other key findings are:
In addition to system vulnerabilities, SecurityScorecard found that many of the Biggest Holiday Retailers had employees who lacked training in basic security best practices.
"The Biggest Retailers' last place ranking in Hacker Chatter and Social Engineering complicates things further for their internal security. Low Social Engineering scores are indicative that an organization's employees are vulnerable to attacks that prey on a lack of knowledge," continued Mr. Kassoumeh.
The 2016 Biggest Holiday Retailers Cybersecurity Report analyzed the security ratings of the 48 biggest U.S. retailers over a seven-month period between April 1st and October 31st, 2016. These retailers were selected from the NRF's 2016 Top 100 Retailers list. The conclusions and rankings featured in the report are based on data derived from SecurityScorecard's patented security rating platform. For more information about these findings, download the full report.
SecurityScorecard provides the most accurate rating of security risk for any organization worldwide. The proprietary SaaS platform helps enterprises gain operational command of the security posture for themselves and across all of their partners and vendors. It provides continuous, non-intrusive monitoring for any organization, including third and fourth parties. The platform offers a breadth and depth of critical data points not available from any other service provider, including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering and Leaked Information. To receive a free SecurityScorecard assessment and consultation for your business, visit instant.securityscorecard.com.