Cybersecurity Risks Run High For Biggest Holiday Retailers

All 48 of the nation’s largest holiday retailers have multiple issues with domain security, and more than 90% have a missing SPF (Sender Policy Framework) Record, which increases the risk of an email spoofing attack reaching their customers.

These are just a few of the alarming findings of the 2016 Biggest Holiday Retailers Cybersecurity Report, based on a survey conducted by SecurityScorecard from April through October 2016. The retailers were selected from NRF’s 2016 Top 100 Retailers list, with the final 48 based on those brands that would see a significant increase in transactions during the holiday season.



Other findings include:

Nearly 80% of the biggest holiday retailers may not be using intrusion detection or prevention systems to monitor all traffic within the cardholder data environment;

• In October 2016, 83% had unpatched vulnerabilities;

62% were using end-of-life products during the last month, which makes them more susceptible to a number of attacks or exploits;

43% of these retailers were infected with malware between April and June 2016; and

• Many retailers had employees that lacked training in basic security best practices.

“With more consumers, more transactional data, and more credit cards to steal, the holiday shopping season is an ideal time for a hacker to attack,” said Sam Kassoumeh, Co-Founder and COO of SecurityScorecard in a statement. “Our analysis indicates that even the most secure retailers could be susceptible to a breach. Additionally, previously installed and dormant malware could be activated during this time of year to capitalize on a larger score. If a hacker decides to take action while organizations scramble to keep up with an uptick in sales activity, attacks are more likely to be successful.”

Featured Event

Join the retail community as we come together for three days of strategic sessions, meaningful off-site networking events and interactive learning experiences.



Access The Media Kit


Access Our Editorial Calendar

If you are downloading this on behalf of a client, please provide the company name and website information below: