Many physical offices and brick-and-mortar locations are temporarily closed due to the coronavirus pandemic. Consumers are now turning to e-commerce channels for their daily needs. Majority of people in the US are purchasing goods through online stores and groceries. As a result, e-commerce sites have seen a 49 percent increase in their daily average sales.
However, the rise in online activities has prompted hackers and threat groups to exploit the situation. While it’s common for e-commerce websites to have security measures in place, cybercriminals are finding ways to circumvent these defenses. Recently, food container store Tupperware suffered a malware attack that cloned its payment form to collect user information. Smaller retailers and those only recently putting up e-commerce channels as means to cope with this shift are even more vulnerable to such attacks.
To cope with these threats, businesses have to perform threat and risk assessments and determine whether their cybersecurity measures are strong enough to capably prevent hacking attempts while the pandemic rages.
Attacks on e-commerce
Hackers typically exploit changes in organizations’ processes and people’s behaviors caused by crises. Wide-scale lockdowns have forced businesses and consumers to alter the way they do business. Cybercriminals are looking to capitalize and increase their attack’s chances of success.
One of the most common attacks cybercriminals use against e-commerce channels is credit card skimming. Typically, hackers look for vulnerable endpoints so that they can inject malware to siphon off customer data such as full names, contact details, and credit card numbers that are stored in an online store’s database. They can then sell these in the black market or use them to carry out other fraud attacks. Skimming activities in March are up by 26 percent compared to February.
A number of users of e-commerce giant eBay, for instance, reported having their accounts allegedly hacked and were used to make unauthorized transactions. Curiously, these incidents supposedly happened just about the time company’s customer service agents started working from home due to the outbreak. The absence of immediate customer support can deprive users of the ability to quickly restore access to their accounts, giving hackers more time to use these stolen accounts.
Hackers are also carrying out advertising fraud attacks against businesses. Normally, online stores pay websites that display their ads for every click or download they generate. Using botnets, hackers can generate bogus clicks and downloads to force companies to pay them for the fake engagement their sites created. Some hackers even set up bogus online stores and pharmacies selling low-quality face masks and fake coronavirus cures.
Impact of cyberattacks
Falling victim to cyberattacks can be devastating to businesses. Attacks can disrupt daily operations and force companies to temporarily halt their business. Downtime can mean lost income. Considering how digital channels are now the primary means for businesses to ensure continuity, disruption can mean total stoppage to operations.
Organizations may also have to pay hefty fines and compensate users who have their data compromised. The average cost of a data breach for small e-commerce websites is $86,500 while it costs an average of $4 million for large online stores. This can also result in companies suffering reputational damage that would require additional resources to fix.
Costly breaches during times of crises can even result in bankruptcy and closure, especially due to the massive economic crunch caused by the pandemic. Suffering from card fraud, scams, and identity theft can also greatly impact consumers who are already struggling financially.
Steps to take against attacks
To combat such threats, organizations must implement strong security measures. They can install antiviruses that can perform regular malware scans and eliminate malicious code. Firewalls can also be used to block suspicious traffic from entering corporate networks. Organizations can also adopt fraud prevention tools such 3D secure authentication that requires a PIN to validate a transaction. This is useful for credit card holders whose accounts have been compromised.
While these solutions can certainly help, they can still fall short. Hackers typically attempt attacks across all vectors until they find flaws in the organization’s infrastructure that they can exploit. A single vulnerable endpoint can cause a data breach. This is why it’s critical that organizations conduct continuous risk assessment of all potential vectors.
A way to address this is by performing constant security risk assessments. Fortunately, approaches such as breach and attack simulations (BAS) can now be performed to comprehensively test an organization’s security posture. Manual risk assessment requires significant resources and technical expertise that not all organizations have. Additionally, businesses do not have much time to conduct these tedious tests as hackers are now quickly ramping up their attacks.
For example, BAS platforms can run simulated attacks across vectors to assess how endpoint security such as antimalware solutions and firewalls perform against modern threats. The measures that fail to mitigate the simulated attack can be immediately adjusted or replaced with more formidable ones.
Performing regular risk assessment allows business and IT leaders to review their defenses and identify security gaps. This will help them make the necessary adjustments and reduce the risk of suffering an attack.
Stringent security is crucial
Considering the threats e-commerce channels face, organizations must ensure that their defenses are more than capable of mitigating cyberattacks. They can’t be complacent and rely on solutions that they have been using all this time. Security tools and protocols must be reviewed so that even the smallest flaw in the network will be identified and addressed. Performing regular risk assessment will be crucial if companies want to create a robust perimeter that hackers will find difficult to infiltrate in order to keep their operations and customers safe.