The Rise in Cybercrime: Should Ecommerce Businesses Be Worried?
The COVID-19 pandemic has had an impact on almost every aspect of everyday life – and cybercrime is no different.
Yet businesses may not be aware of just how much the dangers have increased. The UN recently reported that it had seen an incredible 600 percent increase in malicious emails since the beginning of the coronavirus crisis.
While businesses have had to contend with many challenges throughout the pandemic, it is important not to lose sight of just how damaging a cyber-attack can be – not just to a company’s finances, but to its reputation too.
If you run an ecommerce business, you need to be aware of the dangers of cybercrime. Now is the time to invest in effective measures to mitigate risk and keep your website and systems as secure as possible. Here we take a look at how cybercrime is affecting ecommerce and what you can do about it.
A Growing Problem
It is sometimes the case that even good news can have unforeseen negative consequences. Over the course of the COVID-19 pandemic, ecommerce retailers have enjoyed an increase in sales.
Ecommerce is projected to see an overall growth of around 20 percent in 2020. The pandemic is undoubtedly the most important factor in this spike in numbers. There are actually a number of reasons for this. Firstly, some customers are less willing to shop in physical stores either through the need to isolate, fear of the virus, or finding the whole process of physical shopping more challenging.
Secondly, it is important to note that as businesses change their focus towards online shopping, they create better environments for customers to shop in. And, of course, it should be pointed out that this change towards online shopping is likely to be long-term rather than short-term, as many of the perceived barriers for online shopping have now been removed.
However, more customers and more online footfall make ecommerce a bigger target for cybercriminals. This is why ecommerce businesses should invest at least some of their newly earned revenue in improving their cybersecurity measures.
[WATCH WEBINAR] Recession Proof CRO: ROI In Rapidly Changing Times
What Are the Risks and Threats?
There is a wide variety of threats and threat actors with the potential to harm ecommerce businesses. Cybercriminals have become more and more advanced over time, and where before businesses needed only to contend with issues like phishing emails and the exploitation of weak passwords.
Modern cybercriminals use techniques ranging from ransomware – software that locks you out of your system until a ‘ransom’ is paid – to formjacking – where hackers add a script to your form page which is able to lift customers’ details as they type them in.
Staying informed about the latest techniques and tactics used by cybercriminals is an important step in being able to defend your company against them. This is a continuous process, as techniques change and evolve over time.
A key technique is card skimming, with one of the most well-known card-skimming attacks being Magecart – a dangerous malware able to operate through a business’ website. It is extremely difficult to detect this attack especially if a company is not using advanced cybersecurity solutions. A major part of the damage it can do is that it can function for a significant period of time without being noticed.
Clothing company, Páramo, was affected by a Magecart attack for eight months before they identified and removed it. 3,743 people’s full card details – including all data points necessary to make online purchases elsewhere – had been stolen between July 2019 and March this year. In its message to customers the retailer said:
This is despite the fact that Páramo employ Security Metrics, an approved security scanning vendor, to conduct quarterly vulnerability scans on our websites for PCI DSS purposes. The coding remained undiscovered due to its sophisticated nature.
Vulnerabilities in open source software create another major issue for ecommerce businesses. Open source software is popular with businesses as it is free to use and because it can be altered and modified in order to fit the specific needs of each company. However, the popularity of this software makes it a valuable target for cybercriminals because its vulnerabilities are shared by such a large number of businesses.
This is a growing problem because the number of open source software vulnerabilities doubled in 2019, with this figure likely to rise throughout 2020.
How Can Ecommerce Companies Boost Their Cybersecurity?
The changing threat landscape means that effective cybersecurity involves much more than having a firewall and antivirus software in place. Of course, these still have a role to play, but cybercriminals have become far too sophisticated for these to be a comprehensive defense against attacks.
Cybercrime is affecting ecommerce businesses. Companies must look to proactively protect themselves against malicious threat actors, and one of the most important ways to achieve this is through penetration testing.
A penetration test is a form of ethical cybersecurity assessment designed to identify and safely exploit vulnerabilities affecting computer networks, systems, applications, and websites so that any weaknesses discovered can be addressed in order to mitigate the risk of suffering a malicious attack.”(Redscan)
In a penetration test, a cybersecurity specialist will attempt to use techniques and tactics that could be deployed by cybercriminals in order to overcome your defenses. In doing so, they can reveal weaknesses within your system that a criminal could exploit. At the end of the test, the specialist will provide the business with details on how to overcome the weakness so that it could not be exploited in a genuine attack.
Pen tests are valuable for businesses of all sizes, as they test the strength of the defenses that they currently have in place. It provides a business with valuable insight into vulnerabilities in its systems as well as providing the opportunity to rectify the issues before they can be exploited by cybercriminals.
Of course, investing properly in defense measures such as antivirus software and a strong firewall is still important – but getting input from cyber security specialists has become absolutely essential for ecommerce businesses.
While businesses attempt to deal with the immediate challenges of the COVID-19 pandemic, it can be tempting to overlook less obvious serious issues. But all companies that rely on online businesses need to prioritize their cybersecurity.
Cybercriminals become more and more advanced every day. These sophisticated attacks can seriously impair the ability of your company to operate effectively. It is no longer possible to simply rely on automated cyber defenses – you need to ensure that your team is proactive as well as reactive when it comes to threats.
Remember that a cyber-attack not only incurs significant financial costs – it can also damage a company’s reputation and customer loyalty. And that can have a long-term impact on an ecommerce retailer’s success.