2020 saw a huge increase in e-commerce. While the pandemic may have played a big role in this, consumers themselves now prefer e-commerce for its simplicity and flexibility in getting things done. The demand for more e-commerce services has also seen more players entering the market to meet customer demand. But the big question that comes from all this is: how safe is e-commerce? Is customer data really safe?
To better understand the concerns most companies have when it comes to e-commerce, the threats that can cause problems and how to deal with them, CSA speaks to Joanne Wong, Vice President, International Markets for LogRhythm.
According to Joanne, when it comes to e-commerce, companies are concerned about the security of their business and customer data, and whether their network and payments systems are resilient to cyber attacks. With COVID-19 having accelerated digital adoption, even small businesses have started to offer their customers the option to purchase goods and services online.
These new e-commerce platforms that now offer different payment facilities could also be potential gateways for cybercriminals to attempt a break-in and harvest credentials and card details from insecure payment processing pages. Additionally, businesses with e-commerce websites also face common security threats like Distributed Denial of Service (DDoS) and malware, which attackers use either to overload the site with traffic and impact customer experience or to gain access to company assets and the network.
“While it is virtually impossible to instantaneously counter all cyber threats, what’s more important is having a cybersecurity strategy that is robust and agile enough to detect and respond to threats in the shortest possible time. Too often, businesses only find out that their cybersecurity has been compromised weeks later – if not months – which not only affects business operations and performance but is also detrimental to reputation and customer confidence”, said Joanne.
Now, e-commerce companies handle and store large amounts of data, such as a customer’s personal information, transactions, inventory and payment details. Following the impact of the COVID-19 pandemic, consumers today have grown even more accustomed to e-commerce and are now shopping more frequently online.
Joanne explained that this shift in consumer behaviour has resulted not only in an expansion of threat vectors for e-commerce companies but also in an exponential increase in the amount of data over the last several months.
While data protection is a priority for many e-commerce companies, Joanne pointed out that they are often faced with the challenge of budgetary limitations, where CISOs often have to make the difficult decision about which data they need to leave unprotected. Yet, unprotected data is undeniably one of the biggest contributors to data breaches, with 2019 having observed some of the largest-scale data breaches where hundreds of millions of records were leaked.
“This has given rise to the demand for true open and flexible licensing models, where companies are given complete visibility and protection to ingest and monitor all data that they store. Under LogRhythm’s first true unlimited data plan for our XDR stack, CISOs and CFOs will only need to pay one price for their entire contract, to protect all of their data, users and systems. The aim is to help remove the financial burden of our customers, and give them the flexibility to be able to scale when the need calls for it”, she added.
The Common Threats
Joanne highlighted that some of the most common threats in e-commerce include DDoS, where cyber attackers overload the website server with fake traffic to crash the website, thereby preventing consumers from accessing it. This particularly remains a holiday threat, where cybercriminals seek to divert consumers to other sites during peak shopping seasons or simply to impact sales. The other common threat is malware and ransomware, where attackers once again block users from accessing their own data until a ransom is paid.
At the same time, phishing and email scams have also been in the spotlight this year, as malicious cybercriminals target individuals with disguised content (purportedly from a company or brand they trust or have most frequently been shopping at) to obtain personal and financial information. The recent fake Grab advertisements are an example of how criminals sought to scam consumers by capitalising on the convenience of e-commerce.
“In today’s digital economy, e-commerce players need to recognise that not only do they have a role in educating consumers of the cyber risks, they need to also ensure they have processes and protocols in place to respond and remediate threats in the most effective and efficient way possible”, said Joanne.
In addition to the adoption of technologies such as Edge, Internet of Things (IoT) and Artificial Intelligence (AI), the threat landscape is made more complex by the shift to remote working, as more personal devices and home networks are connected to the office than ever before. However, there is hardly a foolproof or “one size fits all” approach to cybersecurity. As businesses adopt new technologies like AI and IoT at rapid speeds, so do hackers and cybercriminals.
“What businesses need to do is to follow cybersecurity best practices as the central pillar in their cyber defence, and ensure that they have the capabilities to detect and respond quickly to threats. If it’s not already in place, businesses should also adopt a sound data-protection strategy, which can provide you with more predictability and flexibility in how much data you can protect, no matter how much data ingestion increases”, added Joanne.
To reduce the risk of data breaches, Joanne believes businesses should also consider adopting the Zero Trust Model by assuming that the network is hostile at all times, granting access strictly to trusted identities, devices and networks, and not trusting the rest. New technologies like AI and machine learning should also be leveraged to better support human intelligence and improve the efficacy and efficiency of threat detection and remediation.
2021 will only continue to see increased demand for e-commerce services. While the threats will be there to pounce on vulnerabilities, businesses need to be sure that they are taking the right steps in not only protecting their consumers but also themselves.