Retail sector suffers more data breaches than any other due to third-party vulnerabilities

According to Trustwave’s recently released 2018 Global Security report, the retail sector suffered more breaches than any other in 2017 as attackers exploited vulnerabilities in third-party apps and services.

The report shows that in 2017, incidents involving the retail sector were the most common, making up 17% of the total.

The finance and insurance sectors came in second at 13%, and the hospitality industry was third at 12%.

Third party services: Handy or a needless risk?

With more and more retailers doing business online, the use of third-party services has exploded. Many retail websites use a variety of such services to give them an edge over the competition.

The report shows a large rise in the number of service providers being compromised.

These companies provide IT services to other businesses and are an attractive target for hackers, as a successful breach of one can give them a way into the service provider's clients.

Apps and add-ons ranging from live chatbots to customer review plugins have grown in popularity, but unfortunately many of them have poor security standards that hackers can and do exploit.

Increased Security Spending

The report shows that despite increased spending on security, many retailers are still falling victim to cybercrime because they have not addressed the potential threats posed by third-party services.

Last year, Magecart, a hacker group that specialises in skimming credit card details from unsecured payment forms on websites, stole hundreds of thousands of private customer records from big-name companies such as British Airways by exploiting vulnerabilities present in the scripts of third-party add-ons and services. The breach was part of a massive campaign that impacted more than 800 e-commerce sites.


Reducing the Risks

To reduce the risks, you should ask yourself the following:

  • Do you know who your third-party vendors are? Carrying out audits on the vendor and its services can expose any potential vulnerabilities the third-party service may have.
  • Do you know how many third-party services are running within your systems? Do you know what they are and what they do?
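
One way to start answering the second question for a web storefront is to inventory the external scripts a page loads. The following is an added example, not code from the report or from CyberScore™; the page markup, host names and function names are constructed for illustration, and the check for an `integrity` attribute (Subresource Integrity) is an extra signal added here.

```javascript
// Constructed sample: checkout page markup for a hypothetical shop.example site.
const SAMPLE_HTML = `
<html><head>
<script src="/static/js/cart.js"></script>
<script src="https://cdn.chat-widget.example/loader.js" async></script>
<script src="https://reviews.example.net/embed.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="//cdn.chat-widget.example/analytics.js"></script>
<script>window.cartId = 42;</script>
</head><body><form id="payment"></form></body></html>`;

// Group external <script> tags by host, skipping first-party and inline scripts.
// Regex matching is an approximation that suits a quick audit of static markup.
function inventoryThirdPartyScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const byHost = new Map();
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script: no external origin to record
    let url;
    try { url = new URL(src[1], page); } catch { continue; } // unparsable src
    if (url.host === page.host) continue; // served by the site itself
    // "pinned" means the tag carries an integrity attribute, so the browser
    // rejects the file if the vendor's copy changes.
    const pinned = /\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs);
    if (!byHost.has(url.host)) byHost.set(url.host, []);
    byHost.get(url.host).push({ url: url.href, pinned });
  }
  return byHost;
}

// One row per vendor host: how many scripts it serves and how many are unpinned.
function summarize(byHost) {
  return [...byHost.entries()]
    .map(([host, scripts]) => ({
      host,
      count: scripts.length,
      unpinned: scripts.filter((s) => !s.pinned).length,
    }))
    .sort((a, b) => a.host.localeCompare(b.host));
}

const report = summarize(
  inventoryThirdPartyScripts(SAMPLE_HTML, "https://shop.example/checkout"));
console.table(report);
```

This only sees scripts present in the static markup; anything a vendor script injects at runtime has to be captured from the browser's network log instead.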

Do your Third-party Due Diligence with CyberScore™

By using CyberScore™ on your partners, you will be able to see which areas of their security they need to improve and which areas are vulnerable to compromise.

Poor due diligence has resulted in some of the biggest data breaches of recent years. Just because a third-party service provider says they’re secure doesn’t mean it is so. It always pays to check for yourself. With CyberScore™ you can attain a clear security overview of third parties.

For Further Reading:

Do you know your third-party risk?

Third Party privacy concerns go beyond Social Media

How much is your data worth?
