
Retailers failing customers when it comes to data security

Retailers are failing to adequately secure customers' data, especially when it comes to application development processes, new research from Claranet indicates.

According to Claranet, many retailers have adopted or plan to adopt a DevOps approach. In fact, 40% of retailers said they have already adopted a DevOps approach and 44% expect to this year.

However, fewer than half (42%) are confident when it comes to integrating security into this process, or DevSecOps. This is largely because retailers feel they lack the in-house capabilities to deliver DevSecOps, and only 48% know how to integrate IT security into their processes.

According to Claranet, not integrating security into DevOps approaches poses significant security risks and can lead to data protection risks.

Claranet head of retail John Hayes-Warren says, "Embracing DevOps is clearly a priority for retailers as they look to improve their applications and deliver better, more seamless experiences for their customers. However, the lack of DevSecOps integration shows security is still regarded as separate from the development lifecycle, rather than factored in from the start."

"DevOps is a constantly evolving process that embraces innovation, and tends to outpace security and compliance, making it increasingly difficult to embed and automate the latest best practices into each stage of the development lifecycle. This is supported by the fact that over half of retailers do not feel confident they can deliver DevSecOps, opening the door to leaks of customer data, fraud, and cyberattacks," he says.

Hayes-Warren encourages retailers to develop in-house development programmes that include regular security training courses.

These should include continuous monitoring and analytics throughout the DevOps lifecycle, whether in planning, coding, pre-production, or even decommissioning, he says.

"DevSecOps is a complex process that is continually changing to respond to new security threats. It is vital that retailers provide their development teams with suitable training programmes if they hope to build highly secure applications and this will help to ensure all customer data is fully protected across each end-point," says Hayes-Warren.
