
Retailers failing customers when it comes to data security

Retailers are failing to adequately secure customers’ data, especially when it comes to application development processes, new research from Claranet indicates.

According to Claranet, many retailers have adopted or plan to adopt a DevOps approach. In fact, 40% of retailers said they have already adopted a DevOps approach and 44% expect to this year.

However, fewer than half (42%) are confident when it comes to integrating security into this process, an approach known as DevSecOps. This is largely because retailers feel they lack the in-house capabilities to deliver DevSecOps, and only 48% know how to integrate IT security into their processes.

According to Claranet, failing to integrate security into DevOps approaches poses significant security risks and can lead to data protection risks.

Claranet head of retail John Hayes-Warren says, “Embracing DevOps is clearly a priority for retailers as they look to improve their applications and deliver better, more seamless experiences for their customers. However, the lack of DevSecOps integration shows security is still regarded as separate from the development lifecycle, rather than factored in from the start.”

“DevOps is a constantly evolving process that embraces innovation, and tends to outpace security and compliance, making it increasingly difficult to embed and automate the latest best practices into each stage of the development lifecycle. This is supported by the fact that over half of retailers do not feel confident they can deliver DevSecOps, opening the door to leaks of customer data, fraud, and cyberattacks,” he says.

Hayes-Warren encourages retailers to develop in-house development programmes that include regular security training courses.

These should include continuous monitoring and analytics throughout the DevOps lifecycle, whether in planning, coding, pre-production, or even decommissioning, he says.

“DevSecOps is a complex process that is continually changing to respond to new security threats. It is vital that retailers provide their development teams with suitable training programmes if they hope to build highly secure applications and this will help to ensure all customer data is fully protected across each end-point,” says Hayes-Warren.
