E-commerce – An Industry Under Constant Attack
Attacks on e-commerce businesses in Q2 2017
Of online retailers take several days to recover from an attack
Personal records leaked in 2016 alone
Of all attacks are on Joomla, Magento and WordPress
With the e-commerce segment’s rapid growth, it’s no surprise that cyber criminals are shifting their attention to online business. 88 million attacks were reported on e-commerce businesses in a single quarter this year, and data shows that cybercrime attacks typically increase more than 40% around Black Friday and Cyber Monday. Web security has never been more important for e-commerce businesses.
All attacks are not equal
A strong security posture looks different for different businesses. Web security for an e-commerce business requires a focus on certification and compliance, user access management and, most importantly, application-specific rulesets that can block known exploits through patching and other strategies.
Detecting and Blocking an Attack
Identifying an attack quickly is key to web security and being able to prevent significant damage, whether it be a loss of customer data, or a complete site takeover. Being able to identify problematic behavior within a site, as well as through session analysis, leads to faster detection. The ability to quickly and easily create custom web security rules based on identifiers, such as attack behavior, location, IP address and global threat intelligence, provides a more complete view of traffic and trusted users, and gives retailers a fighting chance to continually improve their web security and protect themselves.
Understanding Known Threats
Cyber attacks are constantly evolving and are difficult to track. Yet there are known threats and attackers that can sometimes be identified by their IP address, through repeated attacks or association with malicious entities such as botnets. Public static IP lists that keep track of attackers can be outdated and therefore not useful. The ability of any application solution to adapt to growing threats and dynamically prevent known bad attackers from accessing the application is critical to enhancing the application's level of security.
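The contrast between a stale static list and dynamic blocking, as an added example (not code from this page or from any product it describes): an IP is blocked after repeated security-rule hits inside a time window, and the block expires on its own so old entries age out. The class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class DynamicBlocklist:
    """Hypothetical helper: block an IP after `threshold` rule hits within
    `window` seconds; the block lapses after `ttl` seconds."""

    def __init__(self, threshold=3, window=60, ttl=300):
        self.threshold, self.window, self.ttl = threshold, window, ttl
        self.hits = defaultdict(deque)  # ip -> timestamps of recent rule hits
        self.blocked = {}               # ip -> time at which the block expires

    def record_hit(self, ip, now):
        q = self.hits[ip]
        q.append(now)
        while q[0] <= now - self.window:  # drop hits older than the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked[ip] = now + self.ttl

    def is_blocked(self, ip, now):
        expiry = self.blocked.get(ip)
        if expiry is not None and now >= expiry:
            # Unlike a static list, the entry ages out and history is reset.
            del self.blocked[ip]
            self.hits.pop(ip, None)
            expiry = None
        return expiry is not None


# Constructed events: (time in seconds, source IP, did a security rule fire?)
EVENTS = [
    (0, "203.0.113.7", True),
    (10, "203.0.113.7", True),
    (15, "198.51.100.20", True),
    (20, "203.0.113.7", True),     # third hit inside 60 s: block starts
    (30, "203.0.113.7", False),    # still inside the block
    (200, "198.51.100.20", True),  # earlier hit aged out, count restarts
    (330, "203.0.113.7", False),   # block expired at t=320
]


def replay(events, blocklist=None):
    """Return, per event, whether the source IP was blocked at that moment."""
    bl = blocklist or DynamicBlocklist()
    decisions = []
    for now, ip, rule_fired in events:
        if rule_fired and not bl.is_blocked(ip, now):
            bl.record_hit(ip, now)
        decisions.append(bl.is_blocked(ip, now))
    return decisions
```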
Protecting the Origin
A comprehensive security solution is as important as having a strong feature set. While cloud vendors, like CDNs, can protect traffic at the edge with strong security policies and rules, any attacker can circumvent the CDN by discovering the addresses of the origin and attacking it directly. This defeats all the built-in security policies and detection, so it is imperative that any security solution include protection of the origin, without burdening the e-commerce application owner with deploying or maintaining other solutions such as whitelisting endpoints.
There are good bots and bad bots. Good bots make sure your page is found by the people looking for relevant information. Bad bots scrape your site for information and pricing and allow your competitors to commoditize what you do. And the worst kind of bots want to damage your business and your reputation. Bots represent a significant web security challenge, making bot mitigation a critical task for your web security team. E-commerce businesses need to be reviewing every user session, at all times, to ensure it is legitimate behavior.
Are you sacrificing security for performance?
Taking the additional steps needed to balance timely customer authentication and fraud management with fast page loads and smooth checkout processes is a constant challenge. Failing here can result in lost sales and irreparable damage to the corporate brand.
But users want the least amount of friction possible, so implementing end-to-end web security solutions that protect online stores all the way from the browser to the application back end is critical.