Outpost 24’s 2020 Web Application Security for Retail & E-commerce Report has found that US retailers are far more vulnerable to web application attacks than EU based retailers. The cybersecurity firm Outpost 24 discovered that web apps used by US retailers had a higher aggregated average risk score of 35 compared to EU retailers who have a lower aggregated average risk score of 31.
Outpost 24 report also shows that the US retailers have a wider attack surface, running more publicly exposed web apps (3357) compared to those in the EU (2799). However, EU retailers were found to have a higher proportion of applications using old components that contained vulnerabilities (27%) compared to US retailers (22%).
Overall, Outpost revealed that the largest single attack vector for both US and EU retailers was security mechanisms, with respective risk exposure scores of 99 and 90.5. The research also noted that the use of HTTP websites and unrestricted access to unsecured areas of the site without encryption contributed to a higher attack surface score.