Protecting Your E-Commerce Business Against Ransomware Attacks

Uploaded on 2021-12-20 in TECHNOLOGY--Resilience, FREE TO VIEW

Back in 2019, before terms like ‘lockdown’ and ‘self-isolate’ became embedded in our day-to-day conversations, e-commerce accounted for around 11% of all retail sales and was growing steadily. Today, due to the pandemic and how it’s influenced consumer behaviour, eMarketer predicts that this figure will more than double to nearly 25% in the next 24 months.

Put simply, the pandemic has accelerated the uptake of e-commerce dramatically, either as a replacement for brick-and-mortar retail or as a supplement to cater for consumers that have made the switch to online shopping permanently as a result of the crisis. 

In the US, for instance, e-commerce penetration was at 5% back in 2009 and steadily crept up to just over 15% in 2019. Three months into the pandemic, e-commerce penetration rocketed to nearly 35%. McKinsey described the technological leap as a ‘decade in days’ when reporting on the sheer pace of digital transformation in the sector. The direction of travel is clear.

We’ve been moving toward e-commerce steadily for years and the pandemic has acted as an incredibly effective catalyst in getting us there. But where there is disruption and rapid digital transformation, bad cyber actors are rarely far behind.

A recent report from IT security specialist, Sophos, revealed that retail is currently the one of the most at risk sectors when it comes to ransomware attacks. In the last year alone, 12% of online retailers have been the victim of an attack where customer data was held to ransom. While that may not sound high, it’s more than double the global average across all other sectors.

Retailers and other businesses moving to embrace e-commerce solutions therefore have a problem. With online sales soaring and businesses accelerating their digital presence to meet demand, how do they make sure their security processes and policies evolve at the same pace? 

The Importance Of Data Encryption

Data encryption should really be a given, but even today it’s possible to stumble upon a website and be greeted with a splash page or pop-up warning that the website isn’t secure. Most shoppers that see this message are likely to bounce quickly onto a competitor’s website to do their shopping there instead. An SSL certificate is what your website needs in order to demonstrate that customer data is being handled safely and securely. When a customer sends their data, such as their address or payment information, it inevitably goes through several terminals and data centres where it’s vulnerable to being attacked or intercepted. SSL ensures that this data is encrypted throughout that journey, keeping it secure and making it less of a target for bad actors. 

Using Firewalls To Their Fullest Potential

In simple terms, a firewall is effectively a ‘gateway’ between networks. It lets secure and trusted connections through, while blocking less secure traffic and likely threats. The internet is a busy place, but e-commerce websites experience more ‘footfall’ or traffic than most other websites, making firewalls all the more important - but also much harder to configure and monitor.

If you run an e-commerce website, you’ll need to think about two types of firewall: an application gateway and a proxy firewall. The former will protect your website and network from outside threats and only let authorised connections through, which is particularly important if you’re using microservice architecture and composable technology to flesh out your e-commerce solution. A proxy firewall is a network security system that filters connections at the application layer, giving you a second line of defence. 

Invest In Anti-malware Software

Anti-virus and anti-malware software should also not be overlooked. If you’re running a commercial operation you should be looking to pay for high-end anti-malware instead of going for ‘lite’ or free versions, ensuring that your business will always have the built-in intelligence to identify the latest threats as they emerge. A third-party managed services provider can also perform this function for you, but if that’s currently outside of your budget an off-the-shelf anti-malware product will at least offer some cutting edge protection. 

Summary

The cyberthreat landscape is only going to get more perilous, particularly for small-to-medium-sized e-commerce businesses. Threat actors are opportunists and will take advantage of any weak link they can find in a chain, which is why supply chain attacks are beginning to soar in frequency. So when setting up online or expanding your online presence, be sure to partner with a web hosting solutions provider that takes security seriously - both in terms of how your website is hosted and where your data is stored.

Choosing a hosting provider that already has a firm grasp on security will at least get you off the starting block, and perhaps even one step ahead, when it comes to security. 

McKinsey:    Sophos:     eMarketer:

Neville Louzado is  Head of Sales at Hyve Managed Hosting

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Education Should Focus On Cyber Security
Stealthy Malware Hiding Behind An Invalid Date »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Gamma

Gamma

Gamma is a leading provider of Unified Communications as a Service (UCaaS) into the UK, Dutch, Spanish and German business markets.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

OpenSphere

OpenSphere

OpenSphere is an IT company providing security consultancy, information system risk management and security management services.

French Expert Center Against Cybercrime (CECyF)

French Expert Center Against Cybercrime (CECyF)

CECyF is a centre of excellence for countering cybercrime in France.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

Matrix42

Matrix42

Matrix42 software for digital workspace experience manages devices, applications, processes and services simple, secure and compliant.

Ziroh Labs

Ziroh Labs

Ziroh Labs leverages advanced cryptography to keep your highly sensitive, private data safe throughout the lifecycle of data.

Dualog

Dualog

Dualog provides a maritime digital platform which ensures that services work reliably and securely onboard.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.