Protecting Your E-Commerce Business Against Ransomware Attacks

Back in 2019, before terms like ‘lockdown’ and ‘self-isolate’ became embedded in our day-to-day conversations, e-commerce accounted for around 11% of all retail sales and was growing steadily. Today, due to the pandemic and how it’s influenced consumer behaviour, eMarketer predicts that this figure will more than double to nearly 25% in the next 24 months.

Put simply, the pandemic has accelerated the uptake of e-commerce dramatically, either as a replacement for brick-and-mortar retail or as a supplement to cater for consumers that have made the switch to online shopping permanently as a result of the crisis. 

In the US, for instance, e-commerce penetration was at 5% back in 2009 and steadily crept up to just over 15% in 2019. Three months into the pandemic, e-commerce penetration rocketed to nearly 35%. McKinsey described the technological leap as a ‘decade in days’ when reporting on the sheer pace of digital transformation in the sector. The direction of travel is clear.

We’ve been moving toward e-commerce steadily for years and the pandemic has acted as an incredibly effective catalyst in getting us there. But where there is disruption and rapid digital transformation, bad cyber actors are rarely far behind.

A recent report from IT security specialist, Sophos, revealed that retail is currently the one of the most at risk sectors when it comes to ransomware attacks. In the last year alone, 12% of online retailers have been the victim of an attack where customer data was held to ransom. While that may not sound high, it’s more than double the global average across all other sectors.

Retailers and other businesses moving to embrace e-commerce solutions therefore have a problem. With online sales soaring and businesses accelerating their digital presence to meet demand, how do they make sure their security processes and policies evolve at the same pace? 

The Importance Of Data Encryption

Data encryption should really be a given, but even today it’s possible to stumble upon a website and be greeted with a splash page or pop-up warning that the website isn’t secure. Most shoppers that see this message are likely to bounce quickly onto a competitor’s website to do their shopping there instead. An SSL certificate is what your website needs in order to demonstrate that customer data is being handled safely and securely. When a customer sends their data, such as their address or payment information, it inevitably goes through several terminals and data centres where it’s vulnerable to being attacked or intercepted. SSL ensures that this data is encrypted throughout that journey, keeping it secure and making it less of a target for bad actors. 

Using Firewalls To Their Fullest Potential

In simple terms, a firewall is effectively a ‘gateway’ between networks. It lets secure and trusted connections through, while blocking less secure traffic and likely threats. The internet is a busy place, but e-commerce websites experience more ‘footfall’ or traffic than most other websites, making firewalls all the more important - but also much harder to configure and monitor.

If you run an e-commerce website, you’ll need to think about two types of firewall: an application gateway and a proxy firewall. The former will protect your website and network from outside threats and only let authorised connections through, which is particularly important if you’re using microservice architecture and composable technology to flesh out your e-commerce solution. A proxy firewall is a network security system that filters connections at the application layer, giving you a second line of defence. 

Invest In Anti-malware Software

Anti-virus and anti-malware software should also not be overlooked. If you’re running a commercial operation you should be looking to pay for high-end anti-malware instead of going for ‘lite’ or free versions, ensuring that your business will always have the built-in intelligence to identify the latest threats as they emerge. A third-party managed services provider can also perform this function for you, but if that’s currently outside of your budget an off-the-shelf anti-malware product will at least offer some cutting edge protection. 

Summary

The cyberthreat landscape is only going to get more perilous, particularly for small-to-medium-sized e-commerce businesses. Threat actors are opportunists and will take advantage of any weak link they can find in a chain, which is why supply chain attacks are beginning to soar in frequency. So when setting up online or expanding your online presence, be sure to partner with a web hosting solutions provider that takes security seriously - both in terms of how your website is hosted and where your data is stored.

Choosing a hosting provider that already has a firm grasp on security will at least get you off the starting block, and perhaps even one step ahead, when it comes to security. 

McKinsey:    Sophos:     eMarketer:

Neville Louzado is  Head of Sales at Hyve Managed Hosting

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Education Should Focus On Cyber Security
Stealthy Malware Hiding Behind An Invalid Date »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / Black Hat On-Demand Webinar

Perimeter 81 / Black Hat On-Demand Webinar

Black Hat On-Demand Webinar - Identity is the New Perimeter: This webinar will provide you with vital insights to help understand the need for Zero Trust and how it can transform your network.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

TeraByte

TeraByte

TeraByte is an information security company which helps to educate and protect businesses from cyber security related risks.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

Ampion

Ampion

Ampion is a leading Australian provider of cyber security, DevOps and quality engineering services.

SessionGuardian

SessionGuardian

SessionGuardian (previously SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.