Your e-commerce platform faces constant threats

E-commerce sales spike significantly during the holiday season. For 2022, Deloitte expects e-commerce sales to grow by 12.8% to 14.3%, with Christmas e-commerce sales expected to reach USD260 billion to USD264 billion.¹

While this bodes well for e-commerce revenue, this spike in shopping and gift-giving also has weighty repercussions for logistics, waste management, and cybersecurity.

Holiday seasons are a great time for everyone, including cybercriminals. With people under added pressure from holiday shopping and travel, they’re less likely to have their guard up against online schemes and scams. Companies, especially e-commerce platforms, need heightened cybersecurity during the holiday season.

Judging from the increased incidence of robberies, theft, and fraud during the holiday season, cyber criminals love to take advantage of people’s vulnerabilities in the midst of merry-making and cheer.² The same goes online.

Phishing scams con people into clicking links and giving up personal information like their full name, password, and bank account details.³ Holiday-season scams have found their way online, using compromised emails, bank accounts, and credit cards to redirect payments to cyber criminals.⁴ Social media is also being used to spot potential targets for scams and fraud.

And these cyber crimes are costly, too. For 2021, non-payment or non-delivery scams cost people more than USD337 million, while credit card fraud accounted for another USD173 million in losses, according to the Internet Crime Complaint Center’s (IC3) annual report.⁵

E-commerce sites, in particular, are a favourite target of cybercriminals, as they contain a treasure trove of personal and financial information. Companies worldwide lose billions to e-commerce fraud; in 2021 alone, the value of losses due to e-commerce fraud increased by 18%, to USD20 billion from USD17.5 billion in 2020.⁶   

Businesses in the Asia-Pacific are more vulnerable to cyber attacks during the holidays.⁷ Cyber attackers tend to target companies during periods when they might be understaffed – often during the holiday season, particularly during the peak periods of Christmas all through the Chinese New Year.   

The seasonal influx of online orders ramps up cloud computing demands, placing a heavy burden on data centres and servers. While the cloud has helped organisations accommodate spikes in e-commerce traffic, it still has limitations that make it vulnerable to cyber-attacks.⁸

In a recent survey, 90% of respondents in e-commerce reported using cloud-based providers for service delivery. Among the surveyed e-commerce companies, 25% reported web security issues like malware, ransomware, or malicious code.⁹

Security remains a challenge among e-commerce players, as threats of hacking, data breaches, cyber defacement, and other high-stakes incidents put their reputations at risk. Aside from the actual cyber threats, e-commerce companies worry about how cyber attacks might impact their public image: 62% worry about hacking and cyber defacement, while 49% worry about brand damage and loss of consumer confidence.⁹

Don’t let cyber criminals ruin your holidays. Keeping digital platforms secure ensures a safer e-commerce experience for your customers year-round. Here’s how you can beef up your cybersecurity amid the holiday rush.

At least 59% of brands admit to using a single password across all their internal systems, especially on administrative accounts and public-facing log-ins.¹⁰ One way hackers can get into your accounts and steal vital information is when they can easily guess your password. If you use the same password across all your internal systems, you make it easier for hackers since they just need to crack one code.

In 2020, 37% of data breaches used stolen or weak credentials.¹¹ Make it a habit to generate a unique password for each system and update your passwords regularly, every 15 days if you can muster it.

Encourage your employees and customers to exercise good password hygiene, too.¹² Strong passwords should be at least eight to 12 characters long, with a healthy mix of upper and lowercase letters, numbers, and symbols. Aside from using different passwords across different sites, avoid sharing your login credentials with other people.

If you’re having a hard time generating and remembering all these passwords, use a password manager that generates unique passwords from an encrypted vault. Additionally, practise good digital hygiene, too. Avoid sharing personal data like your date of birth, home address, or any other particulars on social media which can be used to answer security questions.

Secure your e-commerce site through HTTPS hosting. HTTPS stands for Hypertext Transfer Protocol Secure; it instructs browsers to encrypt the data exchanged within a web page.¹³ Encryption helps disguise data, thereby lessening the chances that information can be viewed or manipulated. This is crucial for e-commerce sites, or any other website that houses sensitive information such as personal details and banking information.

Since it requires an SSL or TLS certificate, HTTPS hosting also improves your website security.¹³ SSL/TLS certificates, which act as digital identity cards, allow systems to verify the identity of websites and establish encrypted network connections through the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol.¹⁴

Securing an HTTPS website also bodes well for your digital marketing team, as Google and other search engines favour HTTPS websites in organic search rankings.¹⁵ Having an HTTPS website sends a signal to online shoppers that they can shop and transact safely.  

Plug-ins and third-party integrations enhance capabilities or add functionalities without altering your website itself.¹⁶ While they add the necessary bells and whistles to your e-commerce site, they also have access to your customer data - and can be weak points that cyber criminals might exploit to steal that information.

To prevent any breaches through third parties, regularly take stock of all the plug-ins and third-party integrations you’re currently running within your e-commerce site.¹⁷ Check which ones are still being used, then retire the ones which no longer serve a purpose. Make sure you know what they are for and that you can trace their origin. Most importantly, assess your level of trust in these third parties and decide whether you will continue using the functionalities. 

Most software as a service (SaaS) platforms now recommend two-factor authentication for e-commerce sites to improve security.¹⁷ With this approach, users need to verify their identity through SMS or email confirmation. For added security, others recommend multi-factor authentication (MFA) across all systems and applications.¹⁸

Implementing additional authentication factors may feel like a burden to you and your customers, but it provides another layer of security and assurance that only you and your authorised users are logging on to your e-commerce site. 

The bulk of online shopping happens on mobile, either through smartphones or tablets. Mobile commerce volume will capture 42.9% of total e-commerce volume in 2024, equivalent to USD620.97 billion.¹⁹ It’s important to integrate mobile security as part of your overall cybersecurity plan.

Singtel helps e-commerce businesses stay secure on all fronts with Singtel Shield, a unified cloud security solution . The service protects all mobile devices through real-time control and reporting, enforcing security, data, and access policy. This means your enterprise can support any mobile endpoint, even as you scale operations.

To better monitor, detect, and respond to cyber threats in real-time, it’s important to have an impenetrable 24/7 Security Operations Centre (SOC).²⁰ While setting up a 24/7 SOC need not be too expensive or complex, many organisations still don’t have one or struggle to maintain one.

Companies who want to spare the expense of setting up their own 24/7 SOC can also tap into third-party security operations centre as a service (SOCaaS) providers.

Singtel’s cloud-native Trustwave Fusion platform lets you tap into the global network of Trustwave Security Operation Centres. Trustwave is Singtel’s global cybersecurity company. Experts monitor, detect and respond to cyber threats 24/7 at our nine global federated security operations centres. Cyber incidents are covered from start to finish—from initial monitoring to detection and remediation—all with end-to-end security. 

Are you still shopping for a reliable cybersecurity partner? At Singtel, we’ve got your cybersecurity wrapped and ready to go. With our full suite of capabilities, we can help your business strengthen its security posture to better defend its most valuable assets. Contact us today to get started.
 

References:
1. PR Newswire, Deloitte: Holiday Retail Sales Expected to Increase 4% to 6%, September 2022.
2. J.P. Morgan Private Bank, Add fraud prevention to your holiday plans, November 2022.
3. Federal Bureau of Investigation, Spoofing and Phishing, April 2022.   
4. J.P. Morgan Private Bank, Add fraud prevention to your holiday plans, November 2022.
5. Internet Crime Complaint Center, Internet Crime Report 2021, April 2022.
6. Help Net Security, eCommerce fraud losses to surpass $20 billion this year, May 2021.
7. SecurityBrief Australia, APAC businesses vulnerable to cyberattack during holidays, November 2022.  
8. Security Magazine, Cloud growth brings security concerns for e-commerce, March 2022.
9. A10 Networks, How Multi-Cloud Application Delivery is Impacting e-Commerce Technologies, October 2020.  
10. TechGuide Australia, Ecommerce Cybersecurity: How to Enhance Protection in 2022, March 2022.
11. Verizon, 2022 Data Breach Investigations Report, June 2022.
12. BigCommerce, What You Need to Know About Securing Your Ecommerce Site Against Cyber Threats, October 2021.  
13. Google Domains Help, Use Hypertext Transfer Protocol Secure (HTTPS) on your domain, 2022.
14. Amazon Web Services, What Is An SSL/TLS Certificate?, 2022.
15. SEO Sandwitch, Google Starts Using HTTPS As a Ranking Signal, January 2020.  
16. BigCommerce Essentials, What is a plug-in?, March 2022.
17. TechGuide Australia, Ecommerce Cybersecurity: How to Enhance Protection in 2022, March 2022.
18. SecurityBrief Australia, APAC businesses vulnerable to cyberattack during holidays, November 2022.  
19. Insider Intelligence, Rise of Mcommerce: Mobile Ecommerce Shopping Stats & Trends in 2022, April 2022.  
20. SecurityBrief Australia, APAC businesses vulnerable to cyberattack during holidays, November 2022.