As an ecommerce site, technology is at the heart of your business.
Cybersecurity and data protection rank among the top priorities for businesses that rely on technology to function. The 2019 Cost of Data Breach Report highlights that the average cost of data breaches in the US is $3.92 million.
The Global Information Security Survey finds that your customer data tends to be the number one target. It’s valuable for attackers because they can use it for a range of criminal enterprises, or sell it to others. If your business experiences a data breach, it’s not just about the cost of the data itself, but the reputational cost to your business too.
Besides data breaches, as an ecommerce business you should be vigilant against cyber attacks that seek to take down your website. Malware (malicious software) can hijack the functionality of your website, hold it for ransom, or even take it down altogether.
Like anything else technology-related, cybersecurity threats move and change rapidly. It can seem like a game of cyber whack-a-mole at times, as new threats raise their heads. For ecommerce businesses and any others heavy on technology, this means that your best bet is to stay ahead of the game as much as possible.
Here are some of the top cybersecurity trends heading into 2020:
The role of AI
AI (artificial intelligence) has seen rapid development over recent years. Expert predictions for 2020 are that we’ll see it playing more of a role in cybersecurity attacks:
“AI won’t only enable malware to move stealthily across businesses without requiring a human’s hands on the keyboard, but attackers will also use AI in other malicious ways, including determining their targets, conducting reconnaissance, and scaling their attacks.” -Marcus Fowler, Darktrace
Use of AI voice technology has already seen fraud committed using “deepfake”—where the fraudster uses AI to impersonate the voice of a real person. It is expected that this might open the door for the next wave of identity fraud, including phishing attacks. As business owners, it’s important to recognize this not only to protect your own business, but also to protect your customers.
Another potential avenue for AI attacks is the spread of disinformation. Most people will be familiar with this idea in a political sense, but there is vast potential for this to be used against businesses and other organizations too:
“In 2020, we will see more of the terrifying reality that deep learning algorithms can bring about in generating fake, but seemingly realistic images and videos. This application of AI will be a catalyst for large scale disinformation campaigns that are targeted and individualized to the behavioral and psychological profiles of each victim, furthering reach and impact.” -Pascal Geenens, Radware
On the flipside of this are companies that are merging AI into their cybersecurity measures to protect against threats. In 2020, it is expected that more companies will use predictive, proactive AI to help beat cybersecurity threats.
Data encryption advancements
As cyber attacks become more sophisticated, how we encrypt our data has had to become more advanced to stay ahead of the game.
Ecommerce stores are no different—you should have (or your platform provider should have) an advanced strategy for encrypting data. It’s not just about protecting your business and reputation, but complying with any laws that apply where you do business, too.
Recent advances in data encryption include:
- Distributed ledger technologies: You may have heard of distributed ledger in relation to digital currencies. It's a digital system for recording the transaction of assets in which the transactions and their details are recorded in multiple places at the same time. This means there is no centralized database or administration role. Each node of the network holds data, which creates a system that is difficult to successfully attack.
- Zero-knowledge encryption: In a nutshell, “zero-knowledge” means that no one but you has the keys to your data. This means no passwords are kept anywhere for backup in case you forget your password. Of course, this also means that if you’re likely to forget your password, zero-knowledge is probably not the best choice for you as you’ll be locked out from your data.
The point of encryption is as “insurance” if your data does get stolen. If it has been well-encrypted, your hope is that whoever stole it won’t be able to read it. This may sound like a bit of a cynical approach, but the fact is, it’s difficult to protect data from any hacker that is skilled and determined enough to access it. Even the NSA has been hacked previously.
Malware infections on devices
As we consider what to expect in the cybersecurity world in 2020, it pays to look at what we’ve already experienced in 2019. Kaspersky’s IT Security Economics in 2019 report reveals that around half of organizations endured a malware infection on company-owned devices. If your company has employees doing any sort of work from their own devices, it’s also worth noting that the report found around half also had malware infections on employee-owned devices.
Cyber attacks targeting mobile phones, in particular, rose by over 50% in 2019. These included attacks such as credential-theft, surveillance, and malicious advertising. Given that many companies now allow employees to use their own devices, enabling remote work and flexibility, there is legitimate concern over device attacks being used as a backdoor into companies.
Where does this leave your ecommerce business? It’s important to give careful thought to your policies for device use and your methods for protecting company-owned devices. It’s attractive for cyber attackers to target personal devices because they’re often not as well-protected as company-owned devices. This also means they don’t have the more difficult task of trying to target company accounts directly.
"Users need to protect their devices with a holistic solution that blocks malware and network attacks, and prevents data leakage and credentials theft, without affecting the user experience." -Danny Palmer, ZDNet
5G and IoT Data impacts
The adoption of 5G is becoming more and more widespread as infrastructure is added to enable it. The expected impacts of 5G rollouts include more connected IoT (Internet of Things) devices and a vaster array of data being collected. For example, healthcare apps are looking at collecting real-time data from users, and connected cars may monitor our movements.
This adds more possible vectors of cyber attack. IoT devices are already a known weak link—it’s possible that a hacker could be using your smart home to access data from your ecommerce business.
Some experts believe that the adoption of 5G will give rise to the first public disclosures of data breaches due to a mobile phone. 5G may result in gaps in traditional network security that hackers will look to exploit.
The purpose of cyber insurance is to provide protection for businesses or individual users from internet-based and IT infrastructure-based risks. For an ecommerce business, cyber insurance can help with business continuation in the event of a cyber attack, or compensation for loss (such as via business interruption insurance).
There are different types of cyber insurance on the market, and with the growth of cyber threats, these insurance policies are becoming a necessity for businesses and other organizations that operate online. Cyber insurance policies are predicted to morph and grow to account for the changing landscape of cyber threats.
You only have to consider what it might cost you if your ecommerce store were taken down by malware for a few days, or if you were held up by ransomware. A technology failure could also take you out for a period of time until it is able to be fixed.
As it stands, the digital economy tends to be severely under-insured against these cyber threats. It is predicted that more digital businesses will take up cyber insurance as knowledge of it expands.
Without wanting to sound all doom and gloom, cybersecurity threats are still an ever-present danger to businesses in 2020. It’s important that companies look to take a preventative approach, over and above a detection-focused approach as getting ahead is your best defense.
Take stock of your ecommerce business and how well you are protected against these cyber threats. Do you need to update any policies or security protocols? Do you have protection in place in the event of a breach?
Have you assessed your potential downtime risk? Take our free assessment here.