Malware is becoming an increasingly serious problem for many websites--especially eCommerce websites where sensitive customer data is dealt with on a daily basis. Many websites running the Magento platform are targeted every day, including 1,000 admin panels running this popular platform that are known to be compromised. This number continues to grow as researchers at Flashpoint learn more about the potential compromise of these systems. Since 2005, more than 11 billion individual records have been impacted in data breaches across the United States. With data theft only increasing, the links between eCommerce and website security are of greater importance than ever.
Who's at Risk?
Typically, it's the big data breaches that make the news: Target and Equifax, for example, were widely-known breaches that left customers scrambling to deal with the aftermath. Unfortunately, it's not just the big companies that face big risks from malware. Many hackers recognize that larger businesses have higher-level security than their small or medium counterparts. Attacking smaller businesses, therefore, often yields results with substantially less effort. 55% of small and medium businesses experienced a cyberattack within a single calendar year. Worse, small business owners may not even realize that they've been the victim of a cyberattack, which leaves them unable to close that gaping hole in their systems.
Secure Website Now
The Cost of Data Breaches
If data is stolen from your business, the cost can be high: the average cyber attack costs small businesses between $84,000 and $148,000. Unfortunately, that isn't just the cost of the data loss itself or even just the cost of recovering data that might have been stolen or encrypted with ransomware during the attack. The cost of data breaches also includes:
- Government fines due to inadequate cybersecurity protection
- Customer notifications
- Restitution for customer data that was stolen during the attack
It's also impossible to estimate the cost of lost business due to data breaches and other cyberattacks. Lost business includes business actually lost during website downtime. However, it can also include customers who choose to take their business elsewhere following a data breach or customers who, after visiting another website due to a data breach, choose to use that newly-found location for their business in the future.
The Biggest Threats to eCommerce and Website Security
Cross Site Scripting and SQL injection are among the biggest challenges faced by many websites. When your website is vulnerable to a cross site scripting attack, the code will access users' cookie data to understand their online behaviors and patterns, then impersonate them, potentially accessing sensitive data from the user's machine. While it's not a direct attack against your website, it can lead to the theft of sensitive customer data--and customers who are impacted by that attack won't take it lightly. SQL injection, on the other hand, places code into your data collection forms that gives the hacker direct access to your database, allowing them to collect confidential customer data directly from the source.
Your customers are also vulnerable to phishing scams that appear to come from your business. Making sure that your website is properly protected and offers the appropriate security notifications might not stop your users from being scammed. But, preventing hackers from being able to access your database and steal your email lists can reduce the odds that your customers will be targeted by this type of attack.
Protecting your website also includes protection from man-in-the-middle attacks, when hackers listen in on traffic between your website and its users in order to secure private data, and, of course, traditional malware attacks. Knowing these key vulnerabilities can help you take better steps to provide protection.
In addition to the other attacks that can hit your website, you’ll find that your website is vulnerable to a number of bot attacks. There are plenty of “good” bots out there on the internet, including the automatic coding that helps keep your website visible to search engines and bots that help track and improve website performance. Unfortunately, there are also bad bots that can have a negative impact on your website, including bots that collect information from customers and take over legitimate customer accounts, holding items or stealing sales of limited-release products, and even making purchases on stolen accounts. Bad bots can also throw off your analytics, since many site-tracking apps won’t be able to recognize bots as illegitimate traffic. Around 97% of websites have experienced at least some type of bad bot traffic, most notably in terms of price scraping–that is, stealing information about your pricing and inventory so that it can be sent on to your competitors. This strategy allows competitors to change their prices, ultimately stealing sales from you.
Properly Securing Your Website
In order to protect both your website and your users, it's important to take steps to increase your overall security. This includes:
Going beyond compliance. PCI compliance is a key element of website security, but hackers' tools often increase faster than compliance standards can keep up. Make sure that you're going beyond compliance in order to provide true security for your website and your customers.
Implementing regular malware and vulnerability scans. It's not just about your annual checkup or quality antivirus software, though that's part of the equation. Make sure that you're regularly scanning (monitoring) for a library of vulnerabilities, malicious and suspicious content (on both server-side and client-side levels), DNS/IP changes to help provide better protection for your business.
Updating your apps and programs regularly. Every application used through your website is another opportunity for a hacker to slip inside. Third-party attacks, when a hacker uses a known weakness in a program to exploit your system, are a common way to break into an otherwise secure system. Security patches are designed to help protect your system--which means you can't afford to let those updates slide by the wayside.
Blocking bad bots. Allow the good bots through, but make sure those bad bots are blocked to keep your data secure!
Using the right security layers. HTTPS encryption and SSL certificates will help ensure that your business is properly protected.
Keep firewalls in place. These vital firewalls can help protect your website and your internal network from malicious traffic.
Cybersecurity is no longer a fancy option that small businesses can afford to let slide. Thankfully, if you need to protect your eCommerce website, we're here to help! Whether you use Magento, WordPress, or another platform, we can help provide the vital layer of protection that your website and your customers need.