Unpatched security vulnerabilities remain the biggest threat to UK retailers as they increase spending to mitigate risk during the busy Christmas shopping period, according to Infoblox.
The security vendor polled 3000 consumers and retail IT professionals across Europe and the US to better understand their attitudes to data security during December.
In the UK, the largest number of IT pros (28%) claimed unpatched flaws were the main source of attacks, followed by consumer or end-user error (25%), supply chain vulnerabilities (22%) and unprotected IoT devices (21%).
Given these risks, it’s no surprise that 63% of UK retailers have increased spending on cybersecurity during the busy period.
Although it is unclear in which areas they're spending, a rise in social engineering attacks is seen as a major threat (34%). It would therefore appear that phishing attempts aimed at both consumers and retail employees are high on the list of concerns.
However, ID fraud (16%) and data security (13%) are far less important for UK consumers than delivery (55%). That might explain why a fifth of them take no proactive measures to protect their data — higher than in any other country surveyed.
Despite this apparent complacency, consumers are far from convinced that the stores they shop in are capable of keeping their personal data secure. Just one third (34%) said they trust retailers to hold their data.
“It’s interesting to read that so few consumers around the world are actively concerned with the protection of their own data when shopping online, particularly when two thirds of those we surveyed had little trust in how retailers held that data,” said Infoblox technical director for Western Europe, Gary Cox.
“More education is clearly required of the risks that online shoppers face, especially over Christmas, and the steps they can take to better protect their own data and identity from those intent on theft and fraud.”
According to the British Retail Consortium’s 2016 Retail Crime Survey, 53% of all fraud in the industry comes from cyber, amounting to estimated losses of £100 million.