The Top 3 Cybersecurity Threats Facing Ecommerce Sites Today

Adam Rowe

The pandemic-powered shift to working from home has turned Zoom into a household name and sent home-office furniture sales up 300%.

For many of the hundreds of millions of desk workers in the US, the sudden possibility of working from home is a huge benefit. It accommodates those with disabilities and adds needed flexibility to everyone balancing their life and work.

But the online work boom isn't all good news: Internet security issues are on the rise, and businesses are increasingly vulnerable now that their sensitive data is shuttling across potentially unsecured networks.

Cyber attacks on the rise

In the past 12 months, nearly 6 out of 10 organizations, 59%, have suffered from a “significant” security incident. The data is from the Global Information Security Survey, by Ernst and Young. The same survey found that 48% of executive boards believe that cyber attacks or data breaches will “more than moderately” impact their business across the next 12 months.

Granted, the rate of attacks is down from the immediate aftermath of the pandemic and lockdown: The FBI reported in April that complaints to their Cyber Division regarding cyberattacks had spiked by 400% from the number of reports they had been fielding pre-coronavirus.

Still, the attacks remain a serious concern, particularly for ecommerce businesses, as any online sales involve the exchange of sensitive customer data.

The threats to ecommerce

While any size of ecommerce site is open to attack, it's the smaller sites without robust security teams that need to ensure they stay on top of the latest threats. If your business is creating a secure online retail store, you'll need to know what to look for.

Luckily for us, researchers at the business VPN vendor NordVPN Teams have identified a few security threats worth considering.

Open-source software

Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams, identified one risk. Open-source software, which is easy to modify and adapt, can hide vulnerabilities.

“Open-source software is popular because it is often free to use or can be modified to suit the individual needs of a business,” says Gurinaviciute. “But this popularity means that any vulnerabilities found in the code can be a massive problem across a huge number of websites.”

Plus, the COVID-19 pandemic has spurred some companies to rapidly switch to new software, potentially opening them up to multiple risks at once. The bottom line? Any unpatched, open-source software will leaves your website open to attacks.

Plugins

Similarly, plugins are often free, making them attractive to small business ecommerce sites. But they might be either designed with malicious intent, or are simply years out of date and therefore open to exploits.

E-skimming

This term refers to a type of malware specifically designed for ecommerce sites: It infects the checkout page, which is where customers enter their personal details, from email addresses to credit card information to the physical location they're shipping their purchases to.

Companies that have suffered data breaches due to e-skimming include Macy’s, Puma, and Ticketmaster. In August, Michigan State University disclosed an e-skimming attack that resulted in the loss of the credit card data of 2,600 customers.

Protecting your company

What steps can a small ecommerce business take to ensure their website remains safe? Upgrading or instating firewalls is a great first step, according to Gurinaviciute.

Other useful tips include multi-factor authentication and strong passwords.

“Companies can start with their firewalls (including web application firewalls), making sure the connection is secure, ensuring that passwords are strong, implementing multi-factor authentication, using intrusion detection systems, and constantly monitoring and updating web platforms,” Gurinaviciute says.

In the end, what's needed is a mentality shift. Ecommerce businesses must incorporate cybersecurity concerns into every step of their new business intiatives, starting with the planning stage — currently just 36% of organizations say they do so.

It's tough to know for sure that your company is safe: Only 20% of the boards surveyed by Ernst and Young say they are “extremely confident” that all their cybersecurity mitigation tactics will protect them from “major” cyber attacks. But with a little planning and awareness of the current trends, ecommerce sites can be relatively safe even during a pandemic.

And, if you're looking to build a secure ecommerce website, consider a couple of our favorite website builders for the job: Wix or Shopify.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for the last decade. He's also a Forbes Contributor on the publishing industry (and Digital Book World 2018 award finalist) and has appeared in publications including Popular Mechanics and IDG Connect. When not glued to TechMeme, he loves obsessing over 1970s sci-fi art.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals