According to the latest security web scans and analysis performed on 7,800 Asian Magento websites, carried out by Foregenix, 78% are at high risk from hackers due to simple security oversight. -Incredible number, considering that we are talking about the most popular e-commerce platform globally. At least the figures fell sharply to around 40% for Magento 2 websites.
Graph of risk status across the globe
The global survey- which analyzed over 170,000 websites in total - also reveals that 1.5% of these sites (2,548) are infected with malware. Out of these infected sites, 1,591 were compromised by credit / debit card stealing malware which is actively harvesting their customers' data for subsequent sale and / or fraud.
A further 2.3% of all websites are vulnerable to Magento Shoplift, a vulnerability which was disclosed and patches made available in January 2015. This allows hackers to completely administer the website remotely, steal sensitive data and even order items for free through a single exploit command which is publicly available.
Foregenix, renowned globally for its work on payment security, has an active threat intelligence team researching and analyzing attack trends, with a strong focus on the e-commerce sector.
The research has been presented for the first time at the European Community Meeting of the Payment Card Industry Security Standards Council in London.
Foregenix CEO Andrew Henwood announcing his research at the PCI SSC European Community Meeting in London.
Foregenix has identified the absence of critical security patches and significant vulnerabilities for Asian SMEs, whereby the cybersecurity expert, CEO Andrew Henwood said: ‘While the figures for Asia are of great concern, they are roughly in line with our findings for many other regions such as Europe and North America. The issues highlighted are therefore a truly global problem, which threatens to undermine confidence in e-commerce, especially in markets leading the way in online sales. Repercussions as a result of compromises are heavy penalties by card providers and these put many smaller traders at risk.
Magento and other e-commerce platforms release regular software updates in response to vulnerabilities. These security patches, if not used, can leave websites highly vulnerable to hacking and loss of sensitive data, Foregenix highlights.
The fact is, that online businesses often assume web developers, agencies and hosting providers take care of security concerns. However, design agencies are great at producing beautiful, transactional websites that sell their goods, but their expertise on security issues generally isn't as well developed. Agencies and their clients need to be aware of e-commerce security flaws, as even a single breach can be devastating for a small business.
Simple precautions can make a real difference to reducing a company's risk from criminals such as regularly patching, changing default settings on the administration interface and using stronger passwords with multi-factor authentication. Risk can never be entirely eliminated, so companies should also consider investing in a partnership with a cybersecurity specialist organization and cyber insurance policy, Foregenix advises.
With a decade of experience in the Payment Card Industry (PCI), Foregenix helps merchants, payment processors, banks and other operators to ensure they are securing their environments effectively while complying with industry security standards. The company works mainly with clients in the Fintech, retail, e-commerce, hospitality, travel and insurance sectors, as well as banks and governments globally. Its specialists are drawn from backgrounds including law enforcement, counterterrorism and digital security.
Any business that wants to know whether its website is secure can run a scan for free, using similar technology that detected the issues above at http://webscan.foregenix.com.