E-commerce stores gained a large share of the retail market while consumers were stuck at home over the past year. In 2020, online sales made up 21.3 percent of total retail sales, up from 15.8 percent in 2019. As companies make the shift to e-commerce, cybersecurity is a growing concern. Here is how you can protect your business.
How does e-commerce affect retail cybersecurity?
- Increases website traffic
- Stores more customer data on company servers
- Mandates additional website plugins
- Requires additional training for employees
Increases Website Traffic
When store-based businesses first switch to selling online, they may not realize that they need to account for the uptick in website traffic. If too many people visit the site, it may overload the servers and cause everything to shut down. If you’re making the shift to e-commerce, it’s a good time to look into increasing your server allocations.
But legitimate traffic isn’t the only threat. Distributed denial of service (DDoS) attacks take place when malicious actors flood a website with bot traffic in an attempt to overwhelm the servers. These attacks are often used as a kind of blackmail or extortion attempt. Attackers will demand money in exchange for stopping the DDoS attack.
Stores More Customer Data on Company Servers
With online sales, businesses have to store more customer information on their servers, including credit card information and customers’ names, addresses, and phone numbers. All of this data is a high-value target for hackers, and companies need to take necessary precautions to protect their customers. Secureworks offers a directory of known attackers and their threat actors to help businesses identify the kinds of issues they should be guarding against.
Rafe Pilling, Senior Information Security Researcher at Secureworks, says, “Payment card data theft and fraud (PCI) and theft of customer personally identifiable information (PII) are two of the big-ticket items that retailers of all kinds worry about. A successful ransomware attack can not only paralyze the business but result in the theft of regulated and commercially sensitive data.”
He goes on to explain how businesses can shield their customers from theft. “Minimizing the data retained is the most effective strategy. Criminals can’t steal what you don’t have.” You’ll need to follow the Payment Card Industry Data Security Standard (PCI DSS) and only keep necessary information on your servers. “Visibility across the corporate network is also critical,” says Pilling. An XDR (extended detection and response) platform can give you the visibility your IT team needs to identify and block incoming threats.
Mandates Additional Website Plugins
To increase the functionality of their e-commerce site, businesses either need to custom-code their website or add third-party plugins. Plugins are generally a cheaper option and are easier to implement, but they come with their own risks. Not all website platforms carefully monitor the plugins they include in their app store, so you’ll need to be careful about which ones you add to your site. Read reviews and examine the documentation carefully before installing anything.
Courtney Radke, CISO for National Retail at Fortinet, explains some common issues with third-party plugins and how to protect against them. “As retailers add more cloud-based applications, both for their employees and their customers, they need to enhance their security capabilities beyond what they get from cloud service providers. Such applications are vulnerable to various threats and the organizations operating these applications are often required to meet compliance requirements.” Radke recommends that businesses use a Web-Application Firewall (WAF), secure web services, and APIs to protect against both known and unknown threats.
Requires Additional Training for Employees
Spotting theft in person and spotting theft online take vastly different skill sets and training protocols. When you make the move to e-commerce, you’ll need to train your employees to spot and avoid phishing attempts while also hiring cybersecurity experts to monitor your website and block and remediate threats. Smaller companies may want to hire a managed services provider for this rather than hiring an in-house team.
Discussing the paradigm shift that companies need to undertake when they switch to e-commerce, Joe Byrne, Regional CTO at AppDynamics, part of Cisco, found that the best results come from companies that implement a strategy based on full-stack observability. “Full-stack observability enables the ability to monitor and can also provide business context of the entire IT stack, from the consumer-facing level down to the network and infrastructure of an application.”
Byrne explains that this method “allows IT teams to catch anomalies, issues and security threats in real time and have the ability to put it all within the context of the business, turning what previously took hours and days to remedy into a few minute fix.” Speeding up response times can limit the amount of data an attacker can access if they do breach your network.
Protecting your e-commerce store from changing cyber threats
Cybercriminals are getting smarter, but so are the experts working to stop them. In order to protect your online business from falling prey to attackers, you’ll need to take the proper steps to secure your website. Choose reputable hosting companies, carefully examine any third-party plugins, and incorporate cybersecurity tools designed to weed out malicious traffic and spear phishing attempts. With these precautions in place, you can keep your online customers safe and satisfied.