Ecommerce security threats are on the rise due to the fast and constant growth in the field: in 2021, worldwide ecommerce sales are projected to reach $4.9tn.
Given that 33% of customers would stop shopping at a breached retailer for at least three months (19% would leave permanently), there’s a lot at stake.
To help you avoid security issues, let’s take a look at the top five cyber-threats to ecommerce that you should watch out for in 2021.
Bad Bots: More in Number and Sophistication
According to research by Imperva, bad bot traffic rose to a record-breaking 24.1% in 2019, compared to 18.6% in 2015. Now, almost one in four web requests is from bad bots and this figure is bound to rise even more.
On ecommerce sites specifically, bad bot traffic was measured at 17.7% by the same study, and the average sophistication level of bots has increased by 2.1% from 2018 to 2019.
Bad bots can be used by competitors for pricing scrapes so they can then beat you with lower prices, or by criminals to take over customer accounts and steal personal information or test stolen credit card data.
To protect your ecommerce company from bad bots, you should monitor failed login attempts, carefully examine traffic sources and block certain IP addresses when necessary.
E-Skimming Rising in Frequency and Scope
As with most forms of cybercrime lately, there has also been a rise in e-skimming cases. Not only is it becoming more frequent – the scope of e-skimming attacks is expanding as well, due to automation.
Essentially, e-skimming is credit card fraud where attackers exploit a security breach and install malicious software onto the payment processing page. By doing so, they get real-time access to the customers’ login credentials, personal data and credit card information.
Keeping yourself safe from e-skimming can be tricky, as it may be hard to recognize, but in general, you should make sure you’re visiting web pages with valid SSL certificates and keep an eye on your expenses.
Ransomware Becoming More Frequent with Higher Damages
In 2021, it’s predicted that a ransomware attack on businesses will take place every 11 seconds. To compare, in 2016 this figure used to be every 40 seconds, and the total damage from ransomware attacks is estimated to reach $20bn – 57-times more than in 2015.
This vast rise in attacks and damages is mostly caused by the fact that victims are willing to pay the ransom.
Especially great targets are Managed Service Providers (MSPs) as the whole client base using the service will be impacted. So for example, if you’re using an MSP to host your ecommerce store, you should make sure you select a hosting service with decent security measures and great customer service. Also, you should keep this in mind for any managed service that your online store is using.
Brute Force Attacks Have More Targets
The personalization trend in ecommerce has helped bring about a user-based approach: you sign up for an account, creating a username and a password.
However, according to the 2019 Global Data Risk Report by Varonis, 38% of users have passwords that never expire. Compared to 2018, this figure saw an increase of 10%.
This is fertile soil for attackers, making it much easier to crack weak passwords with brute force, whilst un-expiring passwords provide an infinite window of opportunity.
As it’s actually considered a security risk nowadays to frequently change passwords, you should instead make sure you only use strong passwords and possibly even two-factor authentication – no matter if you own an ecommerce website or simply have an account at someone else’s online business.
Phishing Attacks Still Going Strong
Phishing is still among the most common security threats. One of the oldest forms of cyber-attack, it’s still used in various ways to get sensitive data like credit card details, or infect organizations with ransomware or other malware.
As 58% of consumers are expecting to do more online shopping after the COVID-19 pandemic than before, offline businesses have more incentive to start their online presence. Attackers are eager to exploit any ecommerce platform that hasn’t invested in proper training on phishing-awareness and other cybersecurity threats.
Should a cyber-criminal get control of an administrator’s account on your online store, there’s a lot of harm that your business could suffer. To avoid this, make sure your staff are well trained to recognize and avoid phishing attempts. As a customer, use anti-virus software and never share your login credentials or other sensitive information with anyone.
In 2021, the ecommerce industry will keep on growing rapidly. As evidenced by the threats described above, we will see continued growth in the number and complexity of attacks as well as their financial impact. On top of that, an increasing number of attacks will be automated and more widespread.
Keep an eye out on these five ecommerce security threats and stay safe.