As Holiday Shopping Gears Up, Retailers Get Cybersecurity Thumbs Down
SecurityScorecard’s retail industry report reveals cybersecurity deficiencies in key sectors ahead of holiday shopping season.
Merchants, major credit card issuers and others in the retail industry are failing to keep up with critical IT security processes, according to SecurityScorecard.
NEW YORK CITY — SecurityScorecard, a provider of IT security ratings, has released its 2017 Retail & E-Commerce Cybersecurity Report and the results are discouraging.
The report is said to deliver a comprehensive analysis of cybersecurity vulnerabilities across 1,924 companies from January through October. As retailers prepare to focus on sales during the holiday season, merchants, major credit card issuers and others in the retail industry are failing to keep up with critical security processes and security controls needed to protect shoppers.
The annual report focused on the retail industry as compared to other major industries and the cybersecurity indicators of the best and worst cybersecurity performers. Among the report’s findings:
- The retail industry ranks fifth out of 17 other major U.S. industries, but still showed major areas of concern.
- On average, retailers score a D in network security and patching cadence, and a C in application security, DNS health and IP reputation.
- Of the bottom cybersecurity performers, technology retailers and department stores scored the lowest compared to other types of stores.
- 13% of the bottom cybersecurity performers in the retail industry were clothing retailers.
- Six of the top 10 credit card issuers scored a C or below in network security and DNS health.
“Retailers are a prime target for cybercriminals,” says Sam Kassoumeh, co-founder and COO of SecurityScorecard. “Our analysis indicates that retailers continue to struggle with basic hygiene which leaves them vulnerable to attack. This includes both online and brick-and-mortar retailers. As we have seen with recent breaches, the lack of basic security controls and best practices can lead to a compromise of consumer data that can have a long lasting impact on customers.”
The potential for data breaches in the retail industry have dramatically increased, Kassoumeh says, given the reliance on third-party vendors, including Cloud providers and payment processors.
“The primary mechanism that retailers need to deploy is continuous monitoring of their vendors and within their own IT infrastructure,” he says.
The conclusions and rankings featured in the report are based on data derived from SecurityScorecard’s patented security ratings platform. A complimentary copy of the 2017 Retail & E-Commerce Cybersecurity Report can be downloaded here.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.
