Cybersecurity Threats not to be ignored by SMB Etailers

Cybersecurity Threats

Cybersecurity Threats not to be ignored by SMB Etailers

Category : Blog

Cybersecurity Threats not to be ignored by SMB Etailers. Some small e-commerce website operators may think their relative obscurity offers protection, but the fact is that SMBs are especially vulnerable to cyberattacks and malware.

Cybersecurity Threats

“Very often small businesses don’t feel vulnerable to cybersecurity threats because they assume cybercriminals prefer to launch attacks on large companies,” said Stephanie Weagle, VP of Corero.

“On the contrary, cybercriminals have greater success in targeting small businesses,” she told the E-Commerce Times.

The most obvious attacks involve the use of overt malware, such as ransomware, or redirection to potentially competitive websites, noted Chris Olson, CEO of The Media Trust.

Other attacks “may insert embarrassing language on the homepage or stealthily execute unwanted programs such as cryptominers, toolbars and fake surveys,” he told the E-commerce Times.

There are three major cybersecurity threats SMB etailers can address effectively.

  1. Unvetted Open Source Code

SMBs that use open source software to keep down costs may increase their vulnerability to cyberattack, Olson suggested.

“There is no accountability for the developer community should a feature or plug-in be compromised,” he said.

“Thousands of retailers use open source platforms and tools to successfully launch their Web-based commerce operations,” Olson noted.

“These open source tools are compromised on a regular basis via extension corruptions or the creation of flawed versions,” he explained, “and as traffic and revenues grow, so does the attraction for criminals.”

Etailers should avoid using open source code that has not been thoroughly vetted, Olson recommended. “For a modest investment, etailers can identify all executing code, analyze its relevance to website functionality, and remediate anomalous activity that could propagate an attack.”

  1. Risky Third-Party Web Components

Third-party Web components “are a significant problem for small businesses,” said Sam Curcuruto, technology evangelist at RiskIQ.

Their users employ “a lot of plugins and open source code which can be exploited downstream to give hackers access to any Web properties running them,” he told the E-Commerce Times.

Among such exploits are keylogger software, which steals credit card data when customers make purchases online.

The Magecart malware package, for example, injects JavaScript code into e-commerce sites running unpatched or outdated versions of shopping cart software from Magento, Powerfront and OpenCart.

Etailers can combat threats posed by third-party Web components by selecting a reputable website hosting provider or Web development company, and “making sure your contracts or agreements with them include routine and periodic security reviews,” Curcuruto said.

They also should include a patching service level agreement, or SLA, “that notes how quickly updates will be applied to their servers and machines that might run your website or payment processing,” he continued.

That would not only address security concerns, but also ensure compliance with regulations such as PCI-DSS, Curcuruto pointed out.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training


Leave a Reply

Show Buttons
Hide Buttons