All 48 of the nation’s largest holiday retailers have multiple issues with domain security, and more than 90% are missing an SPF (Sender Policy Framework) record, which increases the risk of an email spoofing attack reaching their customers.
These are just a few of the alarming findings of the 2016 Biggest Holiday Retailers Cybersecurity Report, based on a survey conducted by SecurityScorecard from April through October 2016. The retailers were selected from NRF’s 2016 Top 100 Retailers list, with the final 48 based on those brands that would see a significant increase in transactions during the holiday season.
Other findings include:
• Nearly 80% of the biggest holiday retailers may not be using intrusion detection or prevention systems to monitor all traffic within the cardholder data environment;
• In October 2016, 83% had unpatched vulnerabilities;
• 62% were using end-of-life products during the last month, which makes them more susceptible to a number of attacks or exploits;
• 43% of these retailers were infected with malware between April and June 2016; and
• Many retailers had employees who lacked training in basic security best practices.
“With more consumers, more transactional data, and more credit cards to steal, the holiday shopping season is an ideal time for a hacker to attack,” said Sam Kassoumeh, Co-Founder and COO of SecurityScorecard, in a statement. “Our analysis indicates that even the most secure retailers could be susceptible to a breach. Additionally, previously installed and dormant malware could be activated during this time of year to capitalize on a larger score. If a hacker decides to take action while organizations scramble to keep up with an uptick in sales activity, attacks are more likely to be successful.”