Almost half of e-retailers expect sales growth to reach over 20% year-on-year in the run-up to Christmas.
Despite this, many online retailers are relying on outdated cyber security practices that could be putting their companies in jeopardy at their most important time of the year.
According to figures released today by IMRG (the UK’s industry association for e-retail), the overall rate of compliance among e-retailers when it comes to the Payment Card Industry Data Security Standard (PCI DSS) is as low as 11.1%.
Compliance with PCI Requirement 11, which covers regular vulnerability scanning and penetration testing of processes, applications and networks, is only 40%.
This is alarming news considering that nearly 87% of merchants experiencing breaches were not compliant.
Next Friday, dubbed Black Friday, is the traditional kick-start to festive trading, but it is also when many retailers will ‘freeze’ critical transaction and other supporting systems so as not to risk outages from patches and updates.
17.9 million transactions are also expected to take place on the 1st of December, or ‘Cyber Monday’, the biggest online shopping day of the year.
‘At this time of year many merchants are operating in production freeze,’ cybersecurity firm Tenable Network Security’s David Schreiber explained.
‘The focus for IT teams is on uptime, performance, throughput and availability – optimising retail transactions. Patching and other security-related updates get pushed to the back burner.’
This year has seen a 26.9% increase in breaches from last year, with major IT vendors like Oracle, IBM, Cisco, Microsoft, Red Hat, Google, Apple and Adobe set to announce hundreds of new vulnerabilities in Q4 2014.
And, if the last two years are any indication, says Schreiber, there will be hundreds more in January.
‘This implies that there are lots of merchants running their businesses on vulnerable systems,’ said Schreiber.
‘Security is a daily habit, not just an annual compliance validation. Changing security habits from naughty to nice requires time, effort, vigilance, investment in comprehensive security solutions, continuous monitoring, employee training, and attitude adjustments. It’s a major investment, but well worth the expense when compared to the cost of recovering from a major breach.’