The e-commerce industry continues to be the primary focus of cyber-attacks, with one in three experiencing a successful attack each year. E-commerce security aims to protect businesses from cybersecurity attacks and safeguard customers’ data by ensuring safe and secure online transactions.
The three pillars of e-commerce business are:
- Confidentiality – ensuring customer data is not accessed by unauthorised third parties
- Authentication – evidence that the customer and e-commerce company are real and complete their part of the transaction
- Data integrity – customer information should remain unedited and as-given
Cybersecurity issues in the e-Commerce industry
The cybersecurity issues facing the e-commerce industry include:
- Phishing – These attacks intend to gain confidential information through email requests that appear official and genuine. The attacks are conducted on a massive scale to weed out the small percentage of recipients who will fall for the attack.
- Spearphishing – An evolution of the phishing technique, spearphishing targets e-commerce sites and uses specific information, such as the individual’s job title and co-worker names to create a compellingly genuine email.
Further cybersecurity issues facing e-commerce firms include DoS and DDoS attacks, malware, SQL injection, cross-site scripting, and brute force attacks.
Serious cyber-attacks on the e-Commerce industry
In 2014, eBay was hacked with attackers acquiring the personal information and passwords of all registered users. This enabled the attackers to launch brute force attacks on user accounts held elsewhere, making them vulnerable to identity theft and account hijacking.
The eBay attack was enabled by a 2010 spearphishing attack of Romanian origin. The spearphishing attack gained the credentials of six eBay employees.
How to combat cyber-attacks
E-commerce businesses need a multi-pronged strategy to ensure security against cyber-attacks:
- Multi-layer security – Implementing several layers of defence strengthens your overall security standing. Layers may include introducing two-factor authentication or a Content Delivery Network.
- HTTPS protocols and Secure Server (SSL) Certificates – These encrypt sensitive data that is shared through the internet. Without SSL Certificates, hackers can attack en-route data such as bank card numbers, usernames, and passwords.
- Solid-rock firewalls – These regulate the flow of website traffic to and from your network and block untrusted networks.
- Anti-malware and anti-virus software – These block and detect malicious software with automated or manually instructed system scans.
- Comply with PCI-DSS requirements – The Payment Card Industry Data Security Standard must be followed by any e-commerce business that handles credit card transactions. The standard requires you to protect cardholder data, regularly monitor and test your network, and maintain a secure network, vulnerability management program, and information security policy.
If you are interested in tackling cyber-attacks, get in touch with us. We can offer your business Penetration Testing and Cyber Essentials.