Cyberlytic news

E-Commerce Web Application Security Still Needs Improving

Online retailers are facing increasing challenges when securing their web applications from cybercriminals. More and more personal information is being collected when shoppers visit e-commerce websites, enabling retailers to offer a more tailored online experience and increased sales. Increasingly, social media is being used as a sales channel and AI bots communicate directly with shoppers, making it easier for consumers to make purchases and build up retailer brand loyalty.

A major issue with this approach is that new tools, connections and automation potentially increase the cyberattack surface. The e-commerce industry has traditionally been a popular target for hackers, as financial and personal details are stored online. The prevalence of web application attacks is not slowing down, with research showing that the number of attacks continues to grow. This trend will continue as attackers see more opportunity to exploit vulnerabilities created by these new tools.

Online retailers are particularly at risk from the following web application attacks:

  • SQL Injection: This form of attack is highly damaging for a retailer and its customers because, when successful, it exposes data held in the databases that sit behind a website. This can include customer information, payment details, company details and login details.
  • Cross-site Scripting (XSS): XSS attacks are extremely common and are mostly associated with reputation loss for businesses that fall prey to them. This is because the user of the application or website is often targeted, rather than just the business.
  • Distributed Denial of Service (DDoS): DDoS attacks can cause significant financial loss as the website is made inaccessible by hackers who flood the website or server.

A concern within the retail sector is that cybersecurity has not necessarily been as high a priority as it has in other industries, such as banking and healthcare. However, we are now at a point where a robust cybersecurity strategy is a must for every organisation, especially those that rely on their online presence for revenue. It is important that even small e-commerce businesses take web application security seriously, as ultimately, attackers are indiscriminate in their targeting and desire to steal data.

Visibility is key for organisations to protect their website. This can be achieved by monitoring for threats using threat detection software that analyses HTTP web traffic. The traffic should be analysed for malicious activity by searching for anomalous behaviour, then further analysed to determine the security risk, so that the organisation can be alerted when it needs to take action. New or sophisticated attacks pose a significant challenge to web application security; therefore, web application security software should be able to detect zero-day attacks and adapt to evolving threats.
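The two-stage analysis described above (flag anomalous requests, then rate their risk before alerting) can be sketched as follows. This is an added example, not Cyberlytic's software: the baseline and traffic URLs are constructed, every function name is hypothetical, and the character-class risk rating is a deliberately simple stand-in for a real risk model. Stage 1 uses no attack signatures, only deviation from what clean traffic looked like.

```python
import re
from urllib.parse import parse_qsl

# Constructed known-good requests used to learn the baseline (not real traffic).
BASELINE = ["/product?id=1042", "/product?id=77",
            "/search?q=red+shoes", "/search?q=boots"]
# Constructed requests to analyse.
TRAFFIC = ["/product?id=1077", "/search?q=blue+hat",
           "/product?id=1042'+OR+'1'='1",
           "/search?q=<script>alert(1)</script>",
           "/product?id=10x7"]

def params(url):
    """Yield (path, name, decoded value) for each query parameter."""
    path, _, query = url.partition("?")
    for name, value in parse_qsl(query, keep_blank_values=True):
        yield path, name, value

def shape(value):
    """Collapse a value to its character classes: 'red shoes' -> 'A A'."""
    return re.sub(r"\d+", "N", re.sub(r"[A-Za-z]+", "A", value))

def learn(urls):
    """Record the value shapes seen per (path, parameter) in clean traffic."""
    seen = {}
    for url in urls:
        for path, name, value in params(url):
            seen.setdefault((path, name), set()).add(shape(value))
    return seen

def risk(value):
    """Stage 2: rate an anomalous value by the characters it carries."""
    if re.search(r"['\";]|--", value):
        return "high", "SQL metacharacters"
    if re.search(r"[<>]", value):
        return "high", "markup characters"
    return "low", "unusual shape only"

def analyse(urls, baseline):
    """Stage 1 flags values whose shape was never seen; stage 2 rates them."""
    findings = []
    for url in urls:
        for path, name, value in params(url):
            if shape(value) not in baseline.get((path, name), set()):
                findings.append((url, name, *risk(value)))
    return findings

if __name__ == "__main__":
    for url, name, level, reason in analyse(TRAFFIC, learn(BASELINE)):
        print(("ALERT " if level == "high" else "note  ") + f"{name}: {reason}: {url}")
```

Only the two high-risk findings raise an alert; the malformed product id is recorded as a low-risk anomaly, which keeps alert volume down without discarding the observation.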