SecurityScorecard, a provider of IT security ratings, has released its 2017 Retail & E-Commerce Cybersecurity Report and the results are discouraging.
The report is said to deliver a comprehensive analysis of cybersecurity vulnerabilities across 1,924 companies from January through October. As retailers prepare to focus on sales during the holiday season, merchants, major credit card issuers and others in the retail industry are failing to keep up with critical security processes and security controls needed to protect shoppers.
The annual report focused on the retail industry as compared to other major industries and the cybersecurity indicators of the best and worst cybersecurity performers. Among the report’s findings:
- The retail industry ranks fifth out of 17 other major U.S. industries, but still showed major areas of concern.
- On average, retailers score a D in network security and patching cadence, and a C in application security, DNS health and IP reputation.
- Of the bottom cybersecurity performers, technology retailers and department stores scored the lowest compared to other types of stores.
- 13% of the bottom cybersecurity performers in the retail industry were clothing retailers.
- Six of the top 10 credit card issuers scored a C or below in network security and DNS health.
“Retailers are a prime target for cybercriminals,” says Sam Kassoumeh, co-founder and COO of SecurityScorecard. “Our analysis indicates that retailers continue to struggle with basic hygiene, which leaves them vulnerable to attack. This includes both online and brick-and-mortar retailers. As we have seen with recent breaches, the lack of basic security controls and best practices can lead to a compromise of consumer data that can have a long-lasting impact on customers.”
The potential for data breaches in the retail industry has dramatically increased, Kassoumeh says, given the reliance on third-party vendors, including cloud providers and payment processors.
“The primary mechanism that retailers need to deploy is continuous monitoring of their vendors and within their own IT infrastructure,” he says.
The conclusions and rankings featured in the report are based on data derived from SecurityScorecard’s patented security ratings platform. A complimentary copy of the 2017 Retail & E-Commerce Cybersecurity Report can be downloaded here.