The COVID-19 pandemic has created conditions for businesses that have never been seen before.
As many small and medium-sized businesses simply don’t have the option to open or are seeing a reduced footfall as a consequence of the global pandemic, some are choosing to invest in the online side of their company.
However, it is important that businesses understand that if they want to have a successful e-commerce store, they will need to invest additional resources into making their website secure and defending against cyber-attacks.
Here we look at how cybercrime is evolving in the post-COVID-19 world, and what businesses need to do to ensure that they are properly defended against the increasingly sophisticated attacks that are being deployed against them.
More online shopping = more cybercrime
With whole nations’ economies suffering from the effects of the COVID-19 pandemic, e-commerce and shopping online has been one of the rare success stories.
Where consumers have been unable to visit physical retailers due to government restrictions – or even hesitant to go shopping altogether due to concerns about the virus, they have turned instead to online retailers to fill the void.
Statistics reveal that March 2020 saw a 21% increase in online orders compared with March 2019 – and these numbers may have risen even further as the pandemic continues. But this growth in the use of online sites has created a secondary issue, which is the increase in cyber-attacks.
Cybercrime rose to a four-month high at the end of April, showing that as customers are more active online, so too are criminals.
Card skimming is a major problem
For those businesses ramping up their e-commerce sites, it is important to be aware of the latest challenges.
Magecart is a particularly nasty piece of card-skimming malware that is able to operate through businesses’ websites. This type of attack is very hard to detect, as shown by the fact that British e-retailer Páramo was infected with the malware for more than eight months before it was detected. During that time, the company lost the personal details of over 3,500 customers.
As people become more willing to make use of e-commerce sites, it is up to businesses to put in place the proper protections to ensure that sensitive customer details cannot be stolen.
The increased danger of open source software vulnerabilities
One challenge that has grown for e-commerce businesses over the past couple of years is that of open source software vulnerabilities.
Open-source software uses code that anyone can view, modify, or enhance – and while it has been hugely valuable to e-commerce businesses, it also carries with it a number of clear cybersecurity challenges.
Open-source software is popular because it is often free to use or can be modified to suit the individual needs of a business. But this popularity means that any vulnerabilities found in the code can be a massive problem across a huge number of websites. It’s a growing issue: in 2019 the number of open-source software vulnerabilities more than doubled.
It also seems that in the first half of 2020, through COVID-19, the problem has grown further. Whilst companies may be looking to make fast improvements to their websites, they must not leave themselves open to attack by using unpatched open source software with vulnerabilities.
Another issue for businesses is the rise in attacks on outdated or fake plugins. When companies use these compromised plugins on their sites it can lead to the spread of malware.
What can e-commerce sites do to enhance their cybersecurity?
It is important for businesses to recognise that the sophistication of modern cybercriminals and the methods that they employ require more than just than traditional antivirus and firewall software.
While these still have a role to play in the defence of the website, they are not enough on their own.
One of the most important aspects of cybersecurity for any e-commerce business is CREST penetration testing. A penetration test is an assessment of a website and network performed by cybersecurity professionals to attempt to discover if there are any vulnerabilities that could be exploited by cybercriminals.
There are also plenty of simple measures that businesses can put in place for stronger security. Staff training is undoubtedly enormously important, as well as setting strong administrator passwords.
Additionally, it is important to monitor your systems and assets, and encrypt web traffic.
While the COVID-19 pandemic has changed a great deal for businesses, there do remain many constants; and one of those is the need for improved cybersecurity.
Cybercriminals have become increasingly sophisticated in recent years, and the large number of new e-commerce sites necessitated by the pandemic provides them with new opportunities.
In these conditions, it is more important than ever to protect your customers.
Secure International Order Fulfillment
Floship is an e-commerce order fulfillment provider based in Hong Kong. We help companies from all over the world store, pick, pack and ship incoming e-commerce orders internationally at competitive prices and with top-notch service and integrations. We value privacy and secure data and therefore made sure our software is secure against cyber attacks and your information is safe at all times.
Do you need an order fulfillment provider who understands your business and provides you with industry leading service? Reach out to Floship for more information. One of our service consultants will be with you asap.