TMCnet News
2015 Retail & eCommerce Security Report: Web Application Security Issues Are Rampant And ProlificNEW YORK, Nov. 23, 2015 /PRNewswire/ -- SecurityScorecard, the leading security-risk benchmarking company, announced today findings from its 2015 Retail & eCommerce Security Report which details security trends and problem areas affecting both businesses and consumers this holiday season. SecurityScorecard finds the retail industry suffers from pervasive web application weaknesses from legacy software systems which are soft targets for attackers once inside a company's network. The report analyzed the top and bottom 10% of retailers collected from SecurityScorecard's proprietary industry data. These retailers represent roughly 200 retail companies and was collected and analyzed from July through October 2015. There were no e-commerce retailers that were exempt from web application issues. Also, many retailers that our researchers analyzed found companies need to improve the security of servers by hardening their configurations. In the recent past, hackers have found entry points via third party vendors and partners. The target? Customer credit card and other personally identifying information (Social Security Numbers, home addresses, email addresses, phone numbers, etc.) attackers use for fraud and identity theft. "Attackers seek to access the 'dumps' from customer credit card magstripes (underground slang for the track data stored on a card's magnetic stripe)," said Alex Heid, Chief of Research, at SecurityScorecard. "They will scan ranges of IP addresses looking for remote administration protocols and then use common or pilfered credentials for access." Top Performers
"For bottom performing retailers, we noticed issues in the frequency of fixing vulnerabilities, so companies need to put robust and rapid patching policies in place in their security programs," said Dr. Aleksandr Yampolskiy, CEO and Co-founder, SecurityScorecard. "We also found too many instances of corporate login and password credentials found on the underground, so retailers need to improve security awareness training for employees. For the application issues, secure coding training for developers is a must." Consumers lining up to shop at stores on Black Friday or purchase gifts on Cyber Monday and beyond this holiday shopping season should understand that credit cards and other personal information are always a target for hackers, so consumers should be vigilant about monitoring their statements and credit services for fraudulent activity. Holiday shopping season is widely known to see increases in attack attempts on retail and eCommerce websites. Dr. Yampolskiy also advises that consumers do not use or visit eCommerce websites of companies they have never heard of before, and to monitor their credit card and bank accounts for suspicious charges. Download the report here. Companies that want to receive a free, graded security score should visit: https://instant.securityscorecard.com/ About SecurityScorecard's Benchmarking Service The proprietary foundation of the platform is the ThreatMarket™ data engine that collects over 30 million daily security risk signals from the entire Internet. SecurityScorecard collects and grades the security risk of companies in the following ten categories and factors: Web Application Security, Network Security, Endpoint Security, IP Reputation, Patching Cadence, Password Exposure, Hacker Chatter, Social Engineering, DNS Health, and CubitTM Score, a metric that assesses common system configurations. About SecurityScorecard For further information, please visit www.securityscorecard.com.
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/2015-retail--ecommerce-security-report-web-application-security-issues-are-rampant-and-prolific-300183067.html SOURCE SecurityScorecard |