Despite Christmas surges around Black Friday and Cyber Monday, large amounts of customer data were worryingly available to hackers, a Sophos study finds
Online shoppers could have been putting their personal information at risk this Christmas, according to research which found the majority of UK retail sites lack proper security protection.
A study by security firm Sophos found that 72 percent of retailers had failed to implement proper security measures, putting both themselves and their customers at risk.
Instead, most admitted to primarily relying on very basic levels of protection, such as firewalls (77 percent) and anti-virus (33 percent), meaning they often lacked the necessary encryption tools to safeguard both business and customer data.
Overall, only 31 percent said they had network protection beyond a firewall, and only 2 percent had a comprehensive unified threat management capability in place.
When retailers were asked why their security levels were so low, the study uncovered a worrying lack of knowledge about implementing such precautions, with 14 percent of UK retailers admitting that they didn’t have the expertise necessary to implement basic cyber security measures.
And disturbingly, given a spate of recent high-profile attacks on shopping sites, 40 percent of UK retailers admitted they didn’t know why their company hadn’t implemented basic cyber security measures.
Despite these findings, many retailers were actually confident in their security provisions, with 87 percent of retailers believing that they had adequate security in place to protect customer data. 86 percent also believed their site’s protection was enough to protect their general network from the malware used by hackers to steal business and customer data.
“We’re now in the midst of the busiest time of the year for the retailers, so shops must ensure they have appropriate measures in place to prevent cyber crime,” said James Lyne, Sophos’ global head of research.
“As recent data breaches show, it is critical that retailers protect customer data both from exposure in the public domain and from being quietly used in the background. Cyber criminals have clearly demonstrated systematic compromise of such organisations; it is clear that they are high on their priority list.”
Online retailers have unfortunately proved popular targets for cybercriminals in recent times, with the wealth of customer data on record proving irresistible to hackers.
“In the lead up to Christmas, we can expect to see an increase in data breaches if retailers continue not taking the necessary steps to secure customer data,” Lyne added.
“For an industry responsible for holding and safeguarding so much sensitive customer data, it’s worrying to see the level of overconfidence and lack of awareness surrounding cyber security. This needs to be rectified if we are to adequately protect UK consumers. What amazes me is how often the breaches are the result of incredibly simple failures of policy, training or technology and not the result of cyber criminals being particularly clever.”