Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.
Watch a Demo
The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you. More...
The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.
Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. More...
External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.
Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. More...
We believe all organizations should be able to protect themselves from even the most sophisticated attackers.
Contact us
Cyber Monday is right around the corner. Celebrated on the Monday after Thanksgiving, this annual holiday has become one of the most anticipated shopping events each year since its inception in 2005.
The National Retail Foundation and Adobe Analytics found that over 77 million people spent upwards of 11 billion dollars on Cyber Monday in 2022.
This November 27 is no exception. Millions of consumers will flock to ecommerce websites in search of the best deals. Along the way, they will provide their personally identifiable information (PII) – credit cards, addresses, even passports – to carry out transactions.
But can shoppers be assured that the sites they do business with are secure and compliant?
CyCognito research reveals that, unbeknownst to them, consumer PII may be at great risk.
Ecommerce organizations, like many businesses today, live in the cloud. In fact, over half (52%) of ecommerce web apps are hosted in the cloud.
But as our research has uncovered, ecommerce applications, cloud or not, are not without security gaps.
2% of ecommerce web apps still lack HTTPS. With over 26 million ecommerce stores worldwide, this figure could impact 520,000 sites.
Over a quarter (28%) of ecommerce web apps lack a web application firewall (WAF).
One in four (24%) ecommerce web apps that collect PII are missing a WAF.
58% of all ecommerce web apps collect user PII.
78% of all ecommerce web apps fail to ask users to consent to cookies, creating a potential compliance headache for the organization.
13% of ecommerce web apps have certificate validity issues.
Nearly half (48%) of ecommerce web apps have one or more cryptographic vulnerabilities.
2% of ecommerce web apps have at least one critical security issue. Half of those web apps contain PII.
Over three quarters (76%) of the critical issues found in ecommerce web apps are also easily exploitable.
7% of all ecommerce web apps under monitoring have at least one issue from the OWASP Top Ten list.
Almost one third (31%) of ecommerce web apps have at least one easily exploitable issue.
Cyber Monday is filled with urgency – the urgency of getting a good deal, on the shoppers’ side, and the urgency of capitalizing on the biggest ecommerce days of the year for retailers. Cybercriminals take advantage of this urgency to exploit misconfigurations and vulnerabilities, which can cause massive reputational damage to inattentive organizations in the process.
This holiday shopping season, retailers need to take the time to ensure that ecommerce websites aren’t putting shoppers at risk. Checking for low-hanging fruit, like missing WAFs or expired certificates, can serve as indicators of more serious security issues.
If your organization owns ecommerce sites, you need complete peace of mind. Prioritize actively testing across the entire ecosystem of ecommerce sites. By testing for all issues continuously, not just once a year or once a quarter, your security team will have time to identify, prioritize and remediate potentially serious vulnerabilities that could result in stolen PII and frustrated shoppers.
For this report, CyCognito’s research team aggregated and analyzed ecommerce web application assets across its customer base in September 2023. All findings are anonymized and normalized. These customers span multiple industry verticals and include a mix of small, medium, and large enterprises across the globe, including Fortune 500 companies.
Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk.
As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points.
Request a personalized walkthrough of the CyCognito platform to see how we can help your company identify all its internet-exposed assets, focus on which are most vulnerable to attacks, and accelerate your time to remediating critical risks.
CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure.
Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. Based in Palo Alto, CyCognito serves a number of large enterprises and Fortune 500 organizations, including Colgate-Palmolive, Tesco and many others.
For more information, follow us on Twitter @cycognito.
Privacy Policy Terms of Service Sitemap