New research from global cybersecurity advisor Coalfire has found that retail is one of the worst-performing sectors when it comes to defending against cyberattacks.
The analysis comes just as retailers across the UK are gearing up for the vital Christmas trading period, kicking off with Black Friday and Cyber Monday in November.
Around 64% of retail brands have at least one significant cybersecurity vulnerability that could be easily exploited by a hacker, according to Coalfire’s data.
The findings are based on more than 1,500 penetration tests on 564 businesses, which simulate real-world cyberattacks to stress test the organisations’ security.
The analysis discovered that retailers were more likely to have significant security vulnerabilities than organisations from other sectors including financial services (61%), healthcare (57%) and tech (56%).
Retailers are spreading their IT talent too thin, according to the study, with a severe lack of expertise outside of corporate headquarters, leaving them under-resourced to manage their often vast digital infrastructures.
A quarter (25%) of retailers, for example, were failing to create patches fast enough to fix faulty systems, leaving weak spots that hackers can exploit.
“Our research serves as a stark warning to retailers in the run-up to Christmas and shows that many are woefully underprepared to protect themselves and their customers from cybercriminals,” Coalfire managing director Andy Barratt said.
“Digital transactions go through the roof on Black Friday and Cyber Monday – that makes these key dates just as important for hackers looking to cash in on insecure IT systems, as they are for shops and supermarkets.
“Even in normal times, retailers are an attractive target for hackers. Their IT infrastructures are often a hugely complex web of different legacy systems.
“That, coupled with a lack of cyber awareness, the busy season ‘change freeze’ and a lack of training among shop floor employees, opens up a lot of potential opportunities for cybercriminals and fraudsters alike.
“Firms must invest more time and resource in training and boosting cyber expertise across their store footprint, not just at head office. Susceptibility to the most common types of attack – phishing, malware and exploitation of weak passwords – can be greatly improved simply by giving employees more guidance on how to use their IT safely.”