It’s still anybody’s guess just how widespread these types of attack have become. But a report published this week by SecurityScorecard, a provider of cybersecurity rankings, finds that over 90 percent of the retail domains analyzed indicated non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). Based on an analysis of 1,444 domains in the retail industry that have digital footprints consisting of more than 100 IP addresses, the 2018 SecurityScorecard Retail Cybersecurity Report also notes that, in terms of application security, the retail sector ranks second to last among all the vertical industries tracked.
Most retailers operate on thin margins so there’s not a lot of money to throw at cybersecurity. But there’s also a lot of controversy over how to implement cybersecurity across the retail sector. The National Federation for Retailers (NRF) is leading a rebellion against the way PCI DSS is being imposed on the retail industry by credit card companies.
The fact that cybersecurity is a major concern for online retailers is, of course, hardly novel. Business leaders across the sector are clearly weighing risks versus potential rewards. Given the generally low cybersecurity ratings across the sector, many retail business executives have apparently concluded that any potential harm experienced by their customers is well worth the revenues to be gained. What precisely goes into that calculus will vary by company. But a report published this week by SiteLock notes that websites experience an average of 58 attacks per day, or roughly one every 25 minutes. The SiteLock Website Security Insider Q2 2018 report also finds the average number of attacks experienced by websites per day increased by 16 percent quarter over quarter. Those attacks are becoming more sophisticated and harder to detect, the report notes.
The calculus that retail executives employ to measure cybersecurity risks might soon be changing. A recent report from Kaspersky Lab notes that 32 percent of breaches in North America resulted in a C-level manager, president or CEO losing their job in 2017. Clearly, the level of personal risk for business executives associated with cybersecurity breaches is starting to rise. It remains to be seen how business executives being held more accountable might impact cybersecurity among online retailers. But while more accountability is generally a good thing, waves of recrimination are generally counterproductive. It should be clear to almost everyone now in the online retailing sector that something is very broken. The real issue is how online retailers and the IT community will come together to solve a problem that jeopardizes trillions of dollars in transactions.
Unfortunately, time is running out to have that conversation. Once customers lose faith in online retailing it will be extraordinarily hard to restore it. They may love the convenience online retailers provide. But many of them are already limiting their transactions to a narrower group of online retailers such as Amazon that they instinctively feel have the resources to do whatever it takes to secure their transactions. Ultimately, that’s not an outcome that’s good for business.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.