Against the backdrop of Black Friday and the ensuing holiday season, security ratings firm SecurityScorecard released a survey highlighting how the retail industry often fails to manage critical security processes. The firm analyzed around 1,924 companies between January and October 2017 for the survey. The study found that the retail industry ranked fifth among the major U.S. industries, and that its bottom performers were the clothing retailers. “There were more poor performing clothing stores than poor performing department stores, car dealerships, food stores, grocery/pharmacy stores, wholesale retailers, office supply stores, and stores selling sports goods combined.”
Another worrisome trend was that the majority of credit card issuers scored a ‘C’ or below in network security and DNS health. “SecurityScorecard’s analysis revealed that not a single credit card issuer received an ‘A’ grade, indicating that every single card issuer could take steps to mitigate cybersecurity risk.”
“Retailers are a prime target for cybercriminals,” said Sam Kassoumeh, Co-founder and COO of SecurityScorecard, in a statement. “Our analysis indicates that retailers continue to struggle with basic hygiene which leaves them vulnerable to attack. This includes both online and brick-and-mortar retailers. As we have seen with recent breaches, the lack of basic security controls and best practices can lead to a compromise of consumer data that can have a long lasting impact on customers. With the reliance on third parties, including cloud providers and payment processors, the potential for compromise has dramatically increased. The primary mechanism that retailers need to deploy is continuous monitoring of their vendors and within their own IT infrastructure.”
“Properly assessing vendor risk, implementing continuous monitoring, validating or supplementing compliance evidence, ensuring protection of the PoS system, and improving increased cybersecurity awareness are all examples of steps that retailers may consider when improving their cybersecurity posture,” the report suggested. “Ultimately, as cyberattacks continue to steal the headlines and consumers become more educated on the potential risks of poor cybersecurity performance, the retail industry, especially its bottom performers, will require significant investments in cybersecurity to keep its doors–physical or digital–open from this holiday season to the next,” the report concluded.