New cybersecurity research reveals that nearly 80% of the largest holiday retailers may not be using intrusion detection or prevention systems to monitor all traffic within the cardholder data environment. Additionally, over 90% of major holiday retailers are missing an SPF record, which increases the risk of an email spoofing attack reaching consumers.
SecurityScorecard’s 2016 Biggest Holiday Retailers Cybersecurity Report studied the 48 largest retailers as indicated by the National Retail Federation. More than 50% may have failed to meet the Payment Card Industry’s Data Security Standards. Issues discovered include malware infections, use of end-of-life products, weak network security and low security awareness among employees.
SecurityScorecard found 100% of the Biggest Holiday Retailers have multiple issues with domain security, which increases the risk of hackers impersonating a retailer’s site and falsifying a checkout form to obtain a user’s credit card information.
In October 2016, 83% of the Biggest Holiday Retailers had unpatched vulnerabilities. All bottom-performing holiday retailers have a D or lower in Network Security, suggesting that their networks may have an unaccounted-for access point ready to be exploited. About 62% of the Biggest Holiday Retailers were using end-of-life products in the last month, which makes them more susceptible to a number of attacks or exploits. Around 43% of the Biggest Holiday Retailers were infected with malware between April and June 2016.
In addition to system vulnerabilities, SecurityScorecard found that many of the Biggest Holiday Retailers also had employees who lacked training in basic security best practices.
SecurityScorecard provides the most accurate rating of security risk for any organization worldwide. The proprietary SaaS platform helps enterprises gain operational command of their own security posture and that of all of their partners and vendors. It provides continuous, non-intrusive monitoring for any organization, including third and fourth parties.
The platform offers a breadth and depth of critical data points not available from any other service provider, including a broad range of risk categories such as Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering and Leaked Information.