Protecting Your E-Commerce Business Against Ransomware Attacks

Back in 2019, before terms like ‘lockdown’ and ‘self-isolate’ became embedded in our day-to-day conversations, e-commerce accounted for around 11% of all retail sales and was growing steadily. Today, due to the pandemic and how it’s influenced consumer behaviour, eMarketer predicts that this figure will more than double to nearly 25% in the next 24 months.

Put simply, the pandemic has accelerated the uptake of e-commerce dramatically, either as a replacement for brick-and-mortar retail or as a supplement to cater for consumers that have made the switch to online shopping permanently as a result of the crisis. 

In the US, for instance, e-commerce penetration was at 5% back in 2009 and steadily crept up to just over 15% in 2019. Three months into the pandemic, e-commerce penetration rocketed to nearly 35%. McKinsey described the technological leap as a ‘decade in days’ when reporting on the sheer pace of digital transformation in the sector. The direction of travel is clear.

We’ve been moving toward e-commerce steadily for years and the pandemic has acted as an incredibly effective catalyst in getting us there. But where there is disruption and rapid digital transformation, bad cyber actors are rarely far behind.

A recent report from IT security specialist Sophos revealed that retail is currently one of the most at-risk sectors when it comes to ransomware attacks. In the last year alone, 12% of online retailers have been the victim of an attack where customer data was held to ransom. While that may not sound high, it’s more than double the global average across all other sectors.

Retailers and other businesses moving to embrace e-commerce solutions therefore have a problem. With online sales soaring and businesses accelerating their digital presence to meet demand, how do they make sure their security processes and policies evolve at the same pace? 

The Importance Of Data Encryption

Data encryption should really be a given, but even today it’s possible to stumble upon a website and be greeted with a splash page or pop-up warning that the website isn’t secure. Most shoppers that see this message are likely to bounce quickly onto a competitor’s website to do their shopping there instead. An SSL certificate is what your website needs in order to demonstrate that customer data is being handled safely and securely. When a customer sends their data, such as their address or payment information, it inevitably goes through several terminals and data centres where it’s vulnerable to being attacked or intercepted. SSL ensures that this data is encrypted throughout that journey, keeping it secure and making it less of a target for bad actors. 

Using Firewalls To Their Fullest Potential

In simple terms, a firewall is effectively a ‘gateway’ between networks. It lets secure and trusted connections through, while blocking less secure traffic and likely threats. The internet is a busy place, but e-commerce websites experience more ‘footfall’ or traffic than most other websites, making firewalls all the more important - but also much harder to configure and monitor.

If you run an e-commerce website, you’ll need to think about two types of firewall: an application gateway and a proxy firewall. The former will protect your website and network from outside threats and only let authorised connections through, which is particularly important if you’re using a microservice architecture and composable technology to flesh out your e-commerce solution. A proxy firewall is a network security system that filters connections at the application layer, giving you a second line of defence.

Invest In Anti-malware Software

Anti-virus and anti-malware software should also not be overlooked. If you’re running a commercial operation, you should be looking to pay for high-end anti-malware instead of going for ‘lite’ or free versions, ensuring that your business will always have the built-in intelligence to identify the latest threats as they emerge. A third-party managed services provider can also perform this function for you, but if that’s currently outside of your budget, an off-the-shelf anti-malware product will at least offer some cutting-edge protection.

Summary

The cyberthreat landscape is only going to get more perilous, particularly for small-to-medium-sized e-commerce businesses. Threat actors are opportunists and will take advantage of any weak link they can find in a chain, which is why supply chain attacks are beginning to soar in frequency. So when setting up online or expanding your online presence, be sure to partner with a web hosting solutions provider that takes security seriously - both in terms of how your website is hosted and where your data is stored.

Choosing a hosting provider that already has a firm grasp on security will at least get you off the starting block, and perhaps even one step ahead, when it comes to security. 

Sources: McKinsey, Sophos, eMarketer

Neville Louzado is Head of Sales at Hyve Managed Hosting
