Protecting Your E-Commerce Business Against Ransomware Attacks

Uploaded on 2021-12-20 in TECHNOLOGY--Resilience, FREE TO VIEW

Back in 2019, before terms like ‘lockdown’ and ‘self-isolate’ became embedded in our day-to-day conversations, e-commerce accounted for around 11% of all retail sales and was growing steadily. Today, due to the pandemic and how it’s influenced consumer behaviour, eMarketer predicts that this figure will more than double to nearly 25% in the next 24 months.

Put simply, the pandemic has accelerated the uptake of e-commerce dramatically, either as a replacement for brick-and-mortar retail or as a supplement to cater for consumers that have made the switch to online shopping permanently as a result of the crisis. 

In the US, for instance, e-commerce penetration was at 5% back in 2009 and steadily crept up to just over 15% in 2019. Three months into the pandemic, e-commerce penetration rocketed to nearly 35%. McKinsey described the technological leap as a ‘decade in days’ when reporting on the sheer pace of digital transformation in the sector. The direction of travel is clear.

We’ve been moving toward e-commerce steadily for years and the pandemic has acted as an incredibly effective catalyst in getting us there. But where there is disruption and rapid digital transformation, bad cyber actors are rarely far behind.

A recent report from IT security specialist, Sophos, revealed that retail is currently the one of the most at risk sectors when it comes to ransomware attacks. In the last year alone, 12% of online retailers have been the victim of an attack where customer data was held to ransom. While that may not sound high, it’s more than double the global average across all other sectors.

Retailers and other businesses moving to embrace e-commerce solutions therefore have a problem. With online sales soaring and businesses accelerating their digital presence to meet demand, how do they make sure their security processes and policies evolve at the same pace? 

The Importance Of Data Encryption

Data encryption should really be a given, but even today it’s possible to stumble upon a website and be greeted with a splash page or pop-up warning that the website isn’t secure. Most shoppers that see this message are likely to bounce quickly onto a competitor’s website to do their shopping there instead. An SSL certificate is what your website needs in order to demonstrate that customer data is being handled safely and securely. When a customer sends their data, such as their address or payment information, it inevitably goes through several terminals and data centres where it’s vulnerable to being attacked or intercepted. SSL ensures that this data is encrypted throughout that journey, keeping it secure and making it less of a target for bad actors. 

Using Firewalls To Their Fullest Potential

In simple terms, a firewall is effectively a ‘gateway’ between networks. It lets secure and trusted connections through, while blocking less secure traffic and likely threats. The internet is a busy place, but e-commerce websites experience more ‘footfall’ or traffic than most other websites, making firewalls all the more important - but also much harder to configure and monitor.

If you run an e-commerce website, you’ll need to think about two types of firewall: an application gateway and a proxy firewall. The former will protect your website and network from outside threats and only let authorised connections through, which is particularly important if you’re using microservice architecture and composable technology to flesh out your e-commerce solution. A proxy firewall is a network security system that filters connections at the application layer, giving you a second line of defence. 

Invest In Anti-malware Software

Anti-virus and anti-malware software should also not be overlooked. If you’re running a commercial operation you should be looking to pay for high-end anti-malware instead of going for ‘lite’ or free versions, ensuring that your business will always have the built-in intelligence to identify the latest threats as they emerge. A third-party managed services provider can also perform this function for you, but if that’s currently outside of your budget an off-the-shelf anti-malware product will at least offer some cutting edge protection. 

Summary

The cyberthreat landscape is only going to get more perilous, particularly for small-to-medium-sized e-commerce businesses. Threat actors are opportunists and will take advantage of any weak link they can find in a chain, which is why supply chain attacks are beginning to soar in frequency. So when setting up online or expanding your online presence, be sure to partner with a web hosting solutions provider that takes security seriously - both in terms of how your website is hosted and where your data is stored.

Choosing a hosting provider that already has a firm grasp on security will at least get you off the starting block, and perhaps even one step ahead, when it comes to security. 

McKinsey:    Sophos:     eMarketer:

Neville Louzado is  Head of Sales at Hyve Managed Hosting

You Might Also Read: 

Why Is Retail Cyber Security So Weak?:

 

« Education Should Focus On Cyber Security
Stealthy Malware Hiding Behind An Invalid Date »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Internet Storm Center (ISC)

Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with ISPs to fight back against the most malicious attackers.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

Desec Security

Desec Security

Desec's training platform allows professionals around of the world to acquire knowledge and practical experience in Information Security.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

Police Digital Security Centre (PDSC)

Police Digital Security Centre (PDSC)

PDSC is a not-for-profit organisation, owned by the police, that works across the UK in partnership with industry, government, academia and law enforcement.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

International College For Security Studies (ICSS)

International College For Security Studies (ICSS)

ICSS India offers technical education to students, clients and partners in IT Industry by our well qualified, certified and experienced trainers.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

Sycope

Sycope

Sycope is focused on designing and developing highly specialised IT solutions for monitoring and improving network and application performance.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.