SecurityScorecard: Big Retailers Invite Hacker Attacks

Hackers have more opportunities than ever to infiltrate retailer networks, according to SecurityScorecard.

The company, which monitors and rates online systems, has released its 2016 “Biggest Holiday Retailers Cybersecurity Report,” an analysis that SecurityScorecard insisted exposes digital vulnerabilities across the biggest U.S. retailers.

SecurityScorecard studied the 48 largest retailers in the U.S. as indicated by the National Retail Federation. It concluded that more than half might have failed to meet the payment card industry’s data security standards. In the course of the study, SecurityScorecard discovered problems including malware infections, use of end-of-life products, weak network security and low security awareness among employees.

Key findings in the report include:

  • 100% of the top retailers have multiple issues with domain security, increasing the risk of hackers impersonating an e-commerce site and falsifying a checkout form to obtain a user’s credit card information.
  • More than 90% of the big retailers are missing an SPF record and so risk an email spoofing attack that can reach consumers.
  • Almost 80% of the retailers may not be using intrusion detection or prevention systems to monitor all traffic within the cardholder data environment.
  • 83% of the top retailers had unpatched vulnerabilities.
  • 43% of the biggest holiday retailers suffered a malware infection between April and June 2016.

All bottom-performing retailers had a D or lower in network security, SecurityScorecard noted, suggesting that their systems may have an unaccounted-for access point ready to be exploited. In addition, SecurityScorecard indicated, 62% of the biggest retailers used end-of-life products, which makes them more susceptible to different types of attacks.