As is well-known, online shops require a particularly large number of protection mechanisms to fight IT attacks, but smaller companies should be well-prepared, too: Cyber criminalslike to use security gaps in outdated versions of the shop software to inject malicious program codes that spy out the customer's payment information during the ordering process and send it to the perpetrators. The locked in code and the associated data flow is usually not visible to users, therefore it is very important to have the newest security measures in place.
The most important and most straight forward measure for a secure online store is simply keeping all software up to date and implementing updates immediately. The so-called OWASP (Open Web Application Security Projects) listed e.g.the ten largest security vulnerabilities for web applications that shop owners should know well, as it gives them a good overview of the pitfalls that exist in the structure and maintenance of web applications. But probably the best way for online traders to rely on a professional security solution, such as a Web Application Firewall combined with a Customer Identity and Access Management (IAM) solution. Since such a solution is connected upstream of individual web applications, it protects them even if there are open security gaps.
Unfortunately, data security often goes by the board for cost reasons, but such negligence can result in existence-threatening damages for online retailers, as they have a great responsibility in securing customer data. Legislative authorities see it also that way and therefore demand from them heightened protection.
Clearly, the methods of hackers are becoming more and more sophisticated and threats are steadily increasing. Irrespective of the fact that security gaps in programs repeatedly reveal data involuntarily, such gaps (as e.g. seen in the widespread Magento shop software) might allow the inward transfer of a harmful program code into obsolete versions, putting dealers at risk. That’s why it is highly recommended to use professional security solutions such as Web Application Firewalls, preferably in combination with a Customer IAM solution.
You could be next
The "State-of-the-Internet" report by Akamai shows similar results, namely that cyber-attacks are a big risk for online shops, with the number of attacks growing and the dimension of attacks significantly increasing. It has now become quite easy to use the so-called "darknet" cyber-attacks on web shops, especially since cybercrime has different characteristics - from hacking over ransomware to DDoS attacks.
While usually common sense is sufficient – such as not to open any unknown data files or using no outdated software - DDoS attacks require technical aids. Although any managed hosting provider runs by default a basic protection in the datacenter, that's unfortunately in general not sufficient for major attacks. Therefore, additional DDoS mitigation solutions are offered.
Roughly, it can be differentiated between CDN-based solutions, DDoS scrubbing centers, and hardware solutions that are upstream of the infrastructure. Which solution you should choose depends mainly on the threat and your available budget. A quite cost-effective solution represents a novel ‘shared DDoS protection’. In accordance with the cloud principle, several customers share a protection entity, which reduces the costs for the individual.
Better safe than sorry
Apparently, companies - whether big or small - can fall prey to DDoS attacks or related attempted extortion, therefore, shop owners should ensure early protection and not only when the blackmail has already been received. Because neither can protection be established in time - usually the blackmailers give only 24 hours - nor do the aggressors rest once they were successful with an extortion.
Overall, a trend towards ever stronger and prolonged attacks is currently looming, as e.g.the Akamai report stated, claiming that the number of attacks over 100 Gbit /s has risen by 140%. Furthermore, many analysts assume that phenomena such as the Mirai botnet, which had captured unprotected IoT devices as sources for DDoS attacks, will accumulate in the future and everybody is convinced that attacks will become more complex and often spread across multiple attack vectors. So, try your best to stay safe and give hackers like the Shadow Brokers – the group believed to be linked to the leak of the US government’s cyberweapons – a hard time. Especially since they threatened to release more hacking tools soon that are said to manage exploiting newer computers running Windows 10 or mobile devices using the Android operating system.
By Daniela La Marca