A study of 70 web applications released by data security provider Imperver today revealed that online retailers are suffering twice as many SQL injection attacks than other industries.
It found that the average web apps had received 749 individual attack requests per attack incident, with one website under attack 98%of the time over the six month period.
Why were they targeted more than other industries?
SQL injection is a code injection technique that allows hackers to steal and alter private information from databases.With retailers handling vast amounts of credit data and personal information, their susceptibility to SQL injection attacks increases.
What’s more Dwayne Melancon, CTO at security vendor Tripwire, told CBR today that many retailers in the past have a taken a "bare minimum approach" when it comes to funding security.
Research from Tripwire also found that over two-thirds of IT professionals in the retail sector said communicating security problems to senior bosses had not been effective because "negative facts are filtered before being disclosed."
"This makes it vital for retailers to adopt an organised approach for securing, continuously monitoring, and controlling their data and the activities of their staff. As they say, trust is not a control and hope is not a strategy – now more than ever data-driven, risk-based security approaches are crucial for retailers," Melancon added.
This article is from the CBROnline archive: some formatting and images may not be present.