Cybersecurity Threats not to be ignored by SMB Etailers
Some small e-commerce website operators may think their relative obscurity offers protection, but the fact is that SMBs are especially vulnerable to cyberattacks and malware.
“Very often small businesses don’t feel vulnerable to cybersecurity threats because they assume cybercriminals prefer to launch attacks on large companies,” said Stephanie Weagle, VP of Corero.
“On the contrary, cybercriminals have greater success in targeting small businesses,” she told the E-Commerce Times.
The most obvious attacks involve the use of overt malware, such as ransomware, or redirection to potentially competitive websites, noted Chris Olson, CEO of The Media Trust.
Other attacks “may insert embarrassing language on the homepage or stealthily execute unwanted programs such as cryptominers, toolbars and fake surveys,” he told the E-Commerce Times.
There are three major cybersecurity threats SMB etailers can address effectively.
- Unvetted Open Source Code
SMBs that use open source software to keep down costs may increase their vulnerability to cyberattack, Olson suggested.
“There is no accountability for the developer community should a feature or plug-in be compromised,” he said.
“Thousands of retailers use open source platforms and tools to successfully launch their Web-based commerce operations,” Olson noted.
“These open source tools are compromised on a regular basis via extension corruptions or the creation of flawed versions,” he explained, “and as traffic and revenues grow, so does the attraction for criminals.”
Etailers should avoid using open source code that has not been thoroughly vetted, Olson recommended. “For a modest investment, etailers can identify all executing code, analyze its relevance to website functionality, and remediate anomalous activity that could propagate an attack.”
- Risky Third-Party Web Components
Third-party Web components “are a significant problem for small businesses,” said Sam Curcuruto, technology evangelist at RiskIQ.
Their users employ “a lot of plugins and open source code which can be exploited downstream to give hackers access to any Web properties running them,” he told the E-Commerce Times.
Among such exploits is keylogger software, which steals credit card data when customers make purchases online.
Etailers can combat threats posed by third-party Web components by selecting a reputable website hosting provider or Web development company, and “making sure your contracts or agreements with them include routine and periodic security reviews,” Curcuruto said.
They also should include a patching service level agreement, or SLA, “that notes how quickly updates will be applied to their servers and machines that might run your website or payment processing,” he continued.
That would not only address security concerns, but also ensure compliance with regulations such as PCI-DSS, Curcuruto pointed out.