As online retailers prepare for the upcoming holiday shopping season, security researchers are warning that cybercriminals will be on the prowl this year, with the added factor of the coronavirus pandemic pushing many Black Friday shoppers online.

Chris Eng, chief research officer with Veracode, warns that the collapse of in-person shopping during the pandemic has pushed restaurants, boutique shops and other retailers onto new online ecommerce platforms – but they aren’t prepared to implement the correct security measures for them.

“Everybody’s becoming more dependent on software. And now they get to also have the challenges of securing that software that other companies have had before,” he said during this week’s Threatpost podcast.

Listen to the full Threatpost podcast, where Eng discusses the top threats and trends to expect during the online holiday retail season in 2020, as well as top takeaways from Veracode’s State of Software Security report, released on Tuesday.

Below find a lightly edited podcast transcript.

Lindsey O’Donnell Welch: Welcome back to another episode of the Threatpost podcast. This is Lindsey O’Donnell Welch with Threatpost. And I am joined today by Veracode chief research officer, Chris Eng, who is here to talk about retail application-security challenges and security advances in that area, as well as a new state of software security report by Veracode that was just released. So Chris, thank you so much for coming on to the show today.

Chris Eng: Great to be here.

LO: Great. So I really want to focus on the state of software security overall, but then also the retail industry, especially with Amazon Prime Day earlier in October, and then the holiday-season shopping kicking off with Black Friday and Cyber Monday. How is retail security going to face different challenges this year, with how applications are being used and being vulnerable and things like that? But before we discuss that, do you want to talk a little bit about the State of Software Security report and some of the big takeaways and trends that you saw there?

CE: Yeah, sure, happy to. So this is a report that Veracode releases every year, and the data set gets bigger every year, because we use our customer data to basically find some of the trends that are happening in the application-security space; because of where we are as a cloud service, we have access to all that data. And so we can slice and dice it in many different ways and ask interesting questions about what’s happening out there. And so this time, for example, we looked at 130,000 active applications that are being developed across the world in different industries, and we really wanted to focus in this year on the theme that we ended up with, which is “nature versus nurture.” In other words, you know, what do you control, and what don’t you control, when you think about the vulnerabilities that you have in your applications, how long it takes to fix those, and to what extent you actually get after those? What can you control? And we thought that was an interesting question to ask, because we had found in previous reports that, for example, customers that scan more frequently actually reduce their security debt much faster and much more efficiently than those that didn’t. And so we said, well, what other factors are there?

And so that’s something that, when we looked at it, we thought about certain things that you just inherit, right? There are certain things that you don’t really control: you don’t control the size of your organization, the size of your application, the amount of security debt that you inherit. That’s kind of like your nature, right? But then there are things that you do control: you control how frequently you scan, what types of scanning you use, different technologies, how regular your scan cadence is. Is it bursty, is it irregular versus regular?

And basically, in a nutshell, we found that all these things that you do control can actually improve your fix time significantly, even if you’re dropped into a bad environment. Even if you’re dropped into an old, crusty legacy application in a slow-moving organization with a high amount of security debt, there are still things that you can do as a developer to improve the overall security of the application. So I thought that was a really, really cool finding, to kind of isolate all these different factors and kind of show the correlation there.


Holiday Shopping Craze, COVID-19 Spur Retail Security Storm