By Courtney Radke – Retail CISO at Fortinet
Since the rise of the Internet, businesses have been forced to continually shift their strategies to effectively compete in the digital marketplace. From on-demand to subscription-based offerings, all-digital business models center on the use of various technologies to improve operational efficiency and the customer experience, thereby enhancing their overall value.
But while digital-first strategies are proving to be beneficial across all business sectors, it is ecommerce that stands out as one of the most widely used models available. This was especially true in 2020, as many shifted to online shopping as a result of the COVID-19 pandemic. In fact, it is predicted that global B2C ecommerce sales will reach $4.5 trillion by 2021.
Digital business models such as ecommerce have become a critical component of the global economy, but they do not come without their own set of risks. As organizations rush to digitize, cybersecurity is often left out of the equation for the sake of saving time and initial costs. However, when security is not woven into the framework of a digital strategy, organizations may end up losing the resources that they had initially fought to save. This fact alone should be of concern for any digital business, especially those in the ecommerce space.
A rise in online shopping has led to increased web traffic, something cybercriminals have been all too quick to exploit. And in 2020, this issue only grew more significant, further impacting the security of ecommerce sites. Between September and October alone, the FortiGuard Labs team saw a 140% increase in attempted attacks targeting this space. With the knowledge that more people are shopping online now than ever before, cybercriminals have taken advantage of the increase in virtual queues and slow web processing times.
With digital transformation comes the expansion of the threat landscape, presenting various opportunities for cybercriminals to target unsuspecting individuals. One strategy that threat actors have adopted is placing ads or links on trusted websites to lead shoppers away from their secure browsing experience, usually with the promise of a great deal. Upon arriving at the fraudulent site, shoppers will be directed to enter access credentials – including a username and password – that a cybercriminal can then use on the real website to steal personal information.
Through the deployment of phishing, malware, and man-in-the-middle attacks, and by leveraging Rogue Access Points (APs), cybercriminals can further their attempts to exploit wireless or proxy servers. Often, the goal here is to gain access to payment card information that can be used to fund other efforts. And while cyber threats such as these are unfortunately common across digital businesses in general, the lack of security measures across many ecommerce sites is particularly concerning considering the large portion of the public that shops online without understanding the potential risks.
The ecommerce space is extremely profitable, which is exactly why cybercriminals target these types of businesses. They rely on the fact that most individuals do not ask themselves, “How do I know if this online shopping site is safe?” For this reason, it is up to the business to implement strategies that will enable secure transactions from behind the scenes, stopping threat actors in their tracks before they can even reach customers. Below are just a few ways in which this can be accomplished:
While these strategies are all crucial to the security of digital businesses, none of them can stand on its own. Instead, security teams must weave a framework of tactics such as these to deliver the highest level of protection to keep their organizations and their customers secure.
Digital transformation continues to change the way we do business, as well as what customers have come to expect. This is especially true across the ecommerce space. With more of the public shopping online now than ever before, businesses must ensure their websites can handle this influx of traffic, both from a performance and security standpoint. While there is no single foolproof way to manage ecommerce site security, businesses that take care to consider the basics when working to protect their customers set themselves up for success versus those that look to cut corners.