According to Trustwave’s recently released 2018 Global Security report, the retail sector suffered more breaches than any other in 2017 as attackers exploited vulnerabilities in third-party apps and services.
The report shows that in 2017, incidents involving the retail sector were the most common, making up 17% of the total.
The finance and insurance sectors came in second at 13%, and the hospitality industry was third at 12%.
With more and more retailers doing business online, the use of third-party services has exploded. Many retail websites use a variety of such services to give them an edge over the competition.
The report shows a large rise in the number of service providers being compromised.
These companies provide IT services to other businesses and are an attractive target for hackers, because a successful breach of one service provider can give them a way into that provider's clients.
Apps and add-ons ranging from live chatbots to customer review plugins have grown in popularity, but unfortunately many of them have poor security standards that hackers can and do exploit.
The report shows that despite increased spending on security, many retailers are still falling victim to cybercrime because they have not addressed the potential threats posed by third-party services.
Last year, Magecart, a hacker group that specialises in skimming credit card details from unsecured payment forms on websites, stole hundreds of thousands of private customer records from big-name companies such as British Airways by exploiting vulnerabilities present in the scripts of third-party add-ons and services. The breach was part of a massive campaign that impacted more than 800 e-commerce sites.
To reduce the risks, you should ask yourself the following:
By using CyberScore™ on your partners, you will be able to see which areas of their security they need to improve and which areas are vulnerable to compromise.
Poor due diligence has resulted in some of the biggest data breaches of recent years. Just because a third-party service provider says it is secure doesn’t mean it is so. It always pays to check for yourself. With CyberScore™ you can attain a clear security overview of third parties.