Online shopping is a prime example of how the internet’s vast potential can be utilised for the benefit of consumers and retailers alike. The rising popularity of e-commerce can be attributed to a variety of reasons.
For one, it’s convenient: people are able to make purchases from anywhere at any time. With the UAE having one of the highest mobile penetration rates in the world, shoppers can also take advantage of businesses’ applications to purchase their items directly from their phones.
It’s also difficult to match the prices that online retailers are able to offer, compared to their brick-and-mortar counterparts. With online operations becoming increasingly lucrative, the added risk of cyber-attacks goes hand in hand with success.
With the value of e-commerce in the UAE set to reach $10 billion by 2018, it becomes clear why cybercriminals view web businesses as such a prime target. Those with poorly written code and unencrypted pages can easily be exploited for financial gain.
This becomes an even larger problem when thousands of transactions are conducted in a single day: the risk of a breach goes up simply because there are more points to attack.
Online retailers should consider investing in Web Application Security Testing that actively monitors their web pages, flagging potential security flaws. Once the user is alerted to a flaw, they can begin patching the issue before it escalates to an uncontrollable level.
The potential of a security breach has put security at the top of nearly every retail IT department’s list. They know now that they can no longer remain complacent — so what else should businesses be doing to mitigate these risks and protect themselves?
• Close the SecOps gap: Security and IT Operations teams (SecOps) within organisations have traditionally been siloed functions, making it difficult to quickly identify and respond to potential vulnerabilities. This siloed structure undermines efforts around security and compliance, and puts an organisation at risk of attack. Bridging these two functions can significantly reduce the response time to threats and speed the time to remediation, ultimately strengthening the overall security posture against potential attacks.
• Continue to practice good cyber hygiene: Practising good cyber hygiene is like sports in that it is typically the team that executes on the fundamentals of the game that wins. Ensuring retailers protect and maintain systems and devices appropriately can be achieved by leveraging cyber security best practices.
Examples include ensuring that only authorised devices are connected to company networks; limiting the applications or software running on company assets; and securely configuring corporate assets, including removing default usernames and passwords and restricting the use of administrative privileges.
Just as important is continuously scanning and remediating vulnerabilities and misconfigurations in company assets.
Due to the very nature of their business, banks have always been high on the priority list for hackers. So much so that they’ve had to entirely revamp their protocol in order to protect the financial assets of their consumers.
Some banks have taken security to the next level by requiring users to use a two-factor authentication password (e.g. keychain fob) every time they choose to log in to their accounts online.
These devices are portable, easy to use and offer an extra layer of protection for consumers.
For online payments, banks have also introduced an additional layer of security, which varies. For example, making a purchase may require the user to receive a PIN on their registered smartphone, which is valid for a few minutes to complete the payment and also notifies the user in case it is not them making the purchase online.
In today’s complex security landscape, it is critical to be proactive and vigilant to protect against cyber threats in order to be as secure as possible. While retailers won’t be able to completely stop breaches and attacks, what they can do is minimise the risk, proactively address threats as they arise and be prepared.
— The writer is Managing Director at Qualys Middle East.