Industry Trends

How to Enable Digital Business Security

By Courtney Radke | December 22, 2020

Since the rise of the Internet, businesses have been forced to continually shift their strategies to effectively compete in the digital marketplace. From on-demand to subscription-based offerings, all digital business models center on the use of various technologies to improve operational efficiency and the customer experience, thereby enhancing their overall value. But while digital-first strategies are proving to be beneficial across all business sectors, it is ecommerce that stands out as one of the most widely used models available. This was especially true in 2020, as many shifted to online shopping as a result of the COVID-19 pandemic. In fact, it is predicted that global B2C ecommerce sales will reach $4.5 trillion by 2021. 

Security Risks Impacting Digital Business

Digital business models such as e-commerce have become a critical component of the global economy. That said, they do come with their own set of risks. As organizations rush to digitize, cybersecurity is often left out of the equation for the sake of saving time and initial costs. However, when security is not woven into the framework of a digital strategy, organizations may end up losing the resources that they had initially fought to save. This fact alone should be of concern concerning for any digital business, especially those in the e-commerce space. 

A rise in online shopping has led to increased web traffic, something cyber criminals have been all too quick to exploit. And In 2020, this issue only grew more significant, further impacting the security of e-commerce sites. Between September and October alone, the FortiGuard Labs team saw a shocking 140% increase in attempted attacks targeting this the online retail space. With the knowledge that more people are shopping online now than ever before, cyber criminals have taken advantage of the increase in virtual queues and slow web processing times.

With digital transformation comes the expansion of the threat landscape, presenting various opportunities for cyber criminals to target unsuspecting individuals. One strategy that threat actors have adopted is placing ads or links on trusted websites to lead shoppers away from their secure browsing experience, usually with the promise of a great deal. Upon arriving at the fraudulent site, shoppers will be directed to enter access credentials – including a username and password – that a cyber criminal can then use on the real website to steal personal information. 

Through the deployment of phishing, malware, and man-in-the-middle attacks, and by leveraging Rogue Access Points (APs), cyber criminals can further their attempts to exploit wireless or proxy servers. Often, the goal here is to gain access to payment card information that can be used to fund other efforts. And while cyber threats such as these are unfortunately common across digital businesses in general, the lack of security measures across many e-commerce sites is particularly concerning considering the large portion of the public that shops online without understanding the potential risks.  

4 Steps to Enable Digital Business Security

The ecommerce space is extremely profitable, which is exactly why cybercriminals target these types of businesses. They rely on the fact that most individuals do not ask themselves, “How do I know if this online shopping site is safe?” For this reason, it is up to the business to implement strategies that will enable secure transactions from behind the scenes, stopping threat actors in their tracks before they can even reach customers. Below are just a few ways in which this can be accomplished: 

  1. Ensure Compliance: Meeting compliance standards is one of the most basic, yet critically important, ways that e-commerce sites can protect their customers. By taking certain steps, businesses can ensure they have laid a partial framework for combating cyber threats – this often means not storing more data than is necessary. Major cybersecurity-related regulations that e-commerce sites should comply with include: Payment Card Industry Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and International Organization for Standardization (ISO).

  2. Confirm Infrastructure is Up to Date: It is not surprising that outdated security is a top reason for repeated attacks. This often comes with basic misconfigurations on storage buckets and public cloud computing access systems, resulting in vulnerabilities that can be easily exploited. While this is undoubtedly an issue across all types of digital businesses, having up-to-date infrastructure within e-commerce is especially critical due to the complexity of these sites. In some scenarios, this could be as simple as upgrading a plug-in, but in other cases, entire systems and websites may have to be updated to manage vulnerabilities effectively. In other words, there is not a one-size-fits-all solution, and requirements will vary on a case-by-case basis.

  3. Require Strong Passwords: Both e-commerce sites and digital businesses, in general, should require customers to create passwords that cannot be easily guessed by cyber criminals. While this can come in the form of general recommendations (i.e., discouraging the inclusion of phone numbers or birthdays), it can also mean rejecting certain passwords altogether. To be effective in their security goals, websites should require passwords that contain a minimum of eight characters, including a combination of numbers, symbols, and uppercase and lowercase letters. Further, it is recommended that users leverage random word combinations (the revised passphrase method) or transform sentences into a password (the Bruce Schneier method). Above all, remember that length and obscurity are key.

  4. Maintain Updated SSL/TLS Certificates: While maintaining an updated SSL/TLS certificate is essentially table-stakes for e-commerce merchants due to PCI and other industry regulations, it is critical nonetheless, and doing so allows businesses to realize several benefits. From a security standpoint, they help ensure their websites can stand up to cyber threats, exploits, and website misuse while also keeping customer data secure by enforcing end-to-end encryption of data. From a reputational standpoint, the inclusion of “HTTPS” at the beginning of their page URL creates a sense of trustworthiness that will help customers feel more confident in the security of their digital experience. From a business standpoint, HTTPS allows for use of more powerful web platform features and API integrations that require permissions to execute such as Geolocation services.

While these strategies are all crucial to the security of digital businesses, each one cannot stand on its own. Instead, security teams must weave a framework of tactics such as these to deliver the highest level of protection to keep their organizations and their customers secure. 

Final Thoughts on Securing Digital Business

Digital transformation continues to change the way we do business, as well as what customers have come to expect. This is especially true across the ecommerce space. With more of the public shopping online now than ever before, businesses must ensure their websites can handle this influx of traffic, both from a performance and security standpoint. While there is no single foolproof way to manage ecommerce site security, businesses that take care to consider the basics when working to protect their customers set themselves up for success versus those that look to cut corners.

Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.