Veracode's Chris Eng discusses the cyber threats facing shoppers who are ... Holiday Shopping Craze, COVID-19 Spur Retail Security Storm.
As online retailers prepare for the upcoming holiday shopping season, security researchers are warning that cybercriminals will be on the prowl this year, with the added factor of the coronavirus pandemic pushing many Black Friday shoppers online.
Chris Eng, chief research officer with Veracode, warns that the deluge of in-person shoppers during the pandemic has pushed restaurants, boutique shops and other retailers to adopt new online e-commerce software platforms, but they aren’t prepared to implement the correct security measures for them.
“Everybody’s becoming more dependent on software. And now they get to also have the challenges of securing that software that other companies have had before,” he said during this week’s Threatpost podcast.
Listen to the full Threatpost podcast, where Eng discusses the top threats and trends to expect during the online holiday retail season in 2020, as well as top takeaways from Veracode’s State of Software Security, released on Tuesday.
Below find a lightly edited podcast transcript.
Lindsey O’Donnell Welch: Welcome back to another episode of the Threatpost podcast. This is Lindsey O’Donnell Welch with Threatpost. And I am joined today by Veracode chief research officer, Chris Eng, who is here to talk about retail application-security challenges and security advances in that area, as well as a new state of software security report by Veracode that was just released. So Chris, thank you so much for coming on to the show today.
Chris Eng: Great to be here.
LO: Great. So I really want to focus on the state of software security overall, but then also, the retail industry, especially with Amazon Prime Day earlier in October, and then the holiday-season shopping kicking off with Black Friday and Cyber Monday. How is retail security going to face different challenges this year, with how applications are being used and being vulnerable and things like that? But before we discuss that, do you want to talk a little bit about the state of software security report and some of the big takeaways and trends that you saw there?
CE: Yeah, sure, happy to. So this is a report that Veracode releases every year, and the data set gets bigger every year, because we use our customer data, to basically find some of the trends that are happening in the application-security space, because of where we are as a cloud service, we have access to all that data. And so we can slice and dice it in many different ways and ask interesting questions about what’s happening out there. And so this time, for example, we looked at 130,000 active applications that are being developed across the world in different industries, and we really wanted to focus in this year on the theme that we ended up with is “nature versus nurture.” And in other words, you know, what do you control? And what don’t you control? When you think about the vulnerabilities that you have in your applications? And how long it takes to fix those? And to what extent you actually get after those? What can you control? And we thought that was an interesting question to ask, because we had found in previous reports that, for example, customers that scan more frequently, actually reduce their security debt much faster and much more efficiently than those that didn’t. And so we said, well, what other factors are there? And so that’s, that’s something that when we looked at it, we thought about certain things that you just inherit, right? There’s certain things that you don’t really control, you don’t control the size of your organization, the size of your application, the amount of security debt that you inherit, that’s kind of like your nature, right? But then there are things that you do control, you control, how frequently you scan, what types of scanning that you use, different technologies, how regular your scan cadence is. Is it bursty, is it irregular versus regular?
And basically in a nutshell, we found that all these things that you do control, can actually improve your fix time significantly – even if you’re dropped into like a bad environment. Even if you’re dropped into, an old, crusty legacy application in a slow-moving organization with a high amount of security debt. There’s still things that you can do as a developer to improve the overall security of the application so I thought that was a really, really cool finding, to kind of isolate all these different factors and kind of show the correlation there.