Protecting Your E-Commerce Business Against Ransomware Attacks

Back in 2019, before terms like ‘lockdown’ and ‘self-isolate’ became embedded in our day-to-day conversations, e-commerce accounted for around 11% of all retail sales and was growing steadily. Today, due to the pandemic and how it’s influenced consumer behaviour, eMarketer predicts that this figure will more than double to nearly 25% in the next 24 months.

Put simply, the pandemic has accelerated the uptake of e-commerce dramatically, either as a replacement for brick-and-mortar retail or as a supplement to cater for consumers that have made the switch to online shopping permanently as a result of the crisis. 

In the US, for instance, e-commerce penetration was at 5% back in 2009 and steadily crept up to just over 15% in 2019. Three months into the pandemic, e-commerce penetration rocketed to nearly 35%. McKinsey described the technological leap as a ‘decade in days’ when reporting on the sheer pace of digital transformation in the sector. The direction of travel is clear.

We’ve been moving toward e-commerce steadily for years and the pandemic has acted as an incredibly effective catalyst in getting us there. But where there is disruption and rapid digital transformation, bad cyber actors are rarely far behind.

A recent report from IT security specialist, Sophos, revealed that retail is currently the one of the most at risk sectors when it comes to ransomware attacks. In the last year alone, 12% of online retailers have been the victim of an attack where customer data was held to ransom. While that may not sound high, it’s more than double the global average across all other sectors.

Retailers and other businesses moving to embrace e-commerce solutions therefore have a problem. With online sales soaring and businesses accelerating their digital presence to meet demand, how do they make sure their security processes and policies evolve at the same pace? 

The Importance Of Data Encryption

Data encryption should really be a given, but even today it’s possible to stumble upon a website and be greeted with a splash page or pop-up warning that the website isn’t secure. Most shoppers that see this message are likely to bounce quickly onto a competitor’s website to do their shopping there instead. An SSL certificate is what your website needs in order to demonstrate that customer data is being handled safely and securely. When a customer sends their data, such as their address or payment information, it inevitably goes through several terminals and data centres where it’s vulnerable to being attacked or intercepted. SSL ensures that this data is encrypted throughout that journey, keeping it secure and making it less of a target for bad actors. 

Using Firewalls To Their Fullest Potential

In simple terms, a firewall is effectively a ‘gateway’ between networks. It lets secure and trusted connections through, while blocking less secure traffic and likely threats. The internet is a busy place, but e-commerce websites experience more ‘footfall’ or traffic than most other websites, making firewalls all the more important - but also much harder to configure and monitor.

If you run an e-commerce website, you’ll need to think about two types of firewall: an application gateway and a proxy firewall. The former will protect your website and network from outside threats and only let authorised connections through, which is particularly important if you’re using microservice architecture and composable technology to flesh out your e-commerce solution. A proxy firewall is a network security system that filters connections at the application layer, giving you a second line of defence. 

Invest In Anti-malware Software

Anti-virus and anti-malware software should also not be overlooked. If you’re running a commercial operation you should be looking to pay for high-end anti-malware instead of going for ‘lite’ or free versions, ensuring that your business will always have the built-in intelligence to identify the latest threats as they emerge. A third-party managed services provider can also perform this function for you, but if that’s currently outside of your budget an off-the-shelf anti-malware product will at least offer some cutting edge protection. 

Summary

The cyberthreat landscape is only going to get more perilous, particularly for small-to-medium-sized e-commerce businesses. Threat actors are opportunists and will take advantage of any weak link they can find in a chain, which is why supply chain attacks are beginning to soar in frequency. So when setting up online or expanding your online presence, be sure to partner with a web hosting solutions provider that takes security seriously - both in terms of how your website is hosted and where your data is stored.

Choosing a hosting provider that already has a firm grasp on security will at least get you off the starting block, and perhaps even one step ahead, when it comes to security. 

McKinsey:    Sophos:     eMarketer:

Neville Louzado is  Head of Sales at Hyve Managed Hosting

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Education Should Focus On Cyber Security
Stealthy Malware Hiding Behind An Invalid Date »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

MNCERT/CC

MNCERT/CC

MNCERT/CC is the national Computer Emergency Response Team for Mongolia.

National Association of Software and Services Companies (NASSCOM)

National Association of Software and Services Companies (NASSCOM)

NASSCOM is a trade association of Indian Information Technology and Business Process Outsourcing industry. Areas of activity include cyber security.

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF)

Technology Industries of Finland (TIF) is a business and labour market lobbying organization that promotes the competitiveness and business conditions of Finland’s most crucial export industry.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

AppViewX

AppViewX

AppViewX is a global leader in the management, automation and orchestration of network services in data centers.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

Dutch Accreditation Council (RvA)

Dutch Accreditation Council (RvA)

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

Siemens

Siemens

Siemens Industrial Security Services provide solutions for cybersecurity in automation environments based on the recommendations of the international standard IEC 62443.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.