PRESS RELEASE
PALO ALTO, Calif., Nov. 26, 2024 – CyCognito today released a special report on the security risks facing ecommerce platforms during the holiday shopping season, highlighting the growing threats to customer data as Black Friday and Cyber Monday drive a surge in online activity. The findings showed that, despite ecommerce sites handling more sensitive data than ever, vulnerabilities continue to persist—especially in web applications and interfaces.
With the holidays fast approaching, both retailers and shoppers need to be prepared for the risks of the seasonal rush. As they race to meet shopping demands, attackers are ready to exploit vulnerabilities in ecommerce assets, potentially stealing personal information or causing major disruptions,” said Emma Zaballos, Senior Researcher, CyCognito. “It’s crucial for retailers to prioritize ongoing security checks, ensuring their websites are prepared well ahead of peak shopping days. Otherwise, the consequences could be a far worse gift than any shopper expected.”
For this report, CyCognito’s research team aggregated and analyzed ecommerce web application assets across its customer base from November 2023 to October 2024. All findings are anonymized and normalized. These customers span multiple industry verticals and include a mix of small, medium, and large enterprises across the globe, including Fortune 500 companies.
Key findings:
Ecommerce Sites Handling Sensitive Data at Risk
Widespread Lack of HTTPS and WAF Protections
PII-Exposing Assets Lacking Security Protections
Certificate Validity and Trust Issues
To view the full report, please visit this link.
About CyCognito
CyCognito is an exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit https://www.cycognito.com/