Press Release

CyCognito Report Highlights Rising Cybersecurity Risks in Holiday Ecommerce

Findings reveal growing cybersecurity risks in ecommerce, exposing vulnerabilities in PII handling and lack of basic security protections like HTTPS and WAFs

Palo Alto, California – November 26, 2024

CyCognito today released a special report on the security risks facing ecommerce platforms during the holiday shopping season, highlighting the growing threats to customer data as Black Friday and Cyber Monday drive a surge in online activity. The findings showed that, despite ecommerce sites handling more sensitive data than ever, vulnerabilities continue to persist—especially in web applications and interfaces.

"With the holidays fast approaching, both retailers and shoppers need to be prepared for the risks of the seasonal rush. As they race to meet shopping demands, attackers are ready to exploit vulnerabilities in ecommerce assets, potentially stealing personal information or causing major disruptions," said Emma Zaballos, Senior Researcher, CyCognito. "It's crucial for retailers to prioritize ongoing security checks, ensuring their websites are prepared well ahead of peak shopping days. Otherwise, the consequences could be a far worse gift than any shopper expected."

For this report, CyCognito's research team aggregated and analyzed ecommerce web application assets across its customer base from November 2023 to October 2024. All findings are anonymized and normalized. These customers span multiple industry verticals and include a mix of small, medium, and large enterprises across the globe, including Fortune 500 companies.

Key findings:

  • Ecommerce Sites Handling Sensitive Data at Risk: Over half (53%) of ecommerce assets collect personally identifiable information (PII), making them prime targets for attackers. With increasing reliance on ecommerce platforms during peak shopping seasons, PII exposure remains a critical concern.
  • Widespread Lack of HTTPS and WAF Protections: Despite the 30-year anniversary of HTTPS, 3% of ecommerce web apps still lack HTTPS protection, increasing the risk for both customers and retailers. WAF adoption has also declined, with over 40% of ecommerce assets lacking this basic defense against attacks.
  • PII-Exposing Assets Lacking Security Protections: The number of ecommerce assets that collect PII and lack a WAF has risen to 35%, up from 24% last year. In the UK and Europe, over 40% of such assets remain unprotected, increasing the potential for data breaches and reputation damage.
  • Certificate Validity and Trust Issues: While certificate validity has improved, 6% of ecommerce sites still show certificate issues, with the UK seeing an increase to 14%. This raises concerns about customer trust, especially during critical sales periods when users may abandon transactions due to security warnings.

To view the full report, please visit this link.

About CyCognito

CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit https://www.cycognito.com

Media Contact
Ignacio Ramirez

Switch PR
(415) 517-6708
[email protected]
