Protecting Your E-Commerce Business from Cyberattacks
On September 23, our Cybersecurity Lead, Cédric Mauny, spoke at the PIN CODE event organized by Legitech on the theme: “E-Commerce: A Risk-Free Activity?” He shares with us the key challenges facing e-commerce players in the context of growing cyber threats.
E-commerce has become an important diversification channel for organizations of all sizes and has grown significantly in recent years. This expansion has accelerated dramatically in recent months due to the health crisis. Regardless of the country, studies consistently show an increase of around 95% in visits to e-commerce websites and triple-digit growth in related sales during the second quarter of 2020.
Investing in e-commerce offers real opportunities to maintain and grow business activity. However, being highly exposed online also means facing significant risks.
“More and more organizations are turning to e-commerce to maintain revenue due to past lockdown measures and ongoing social distancing rules, which have slowed foot traffic in physical stores,” confirms Cédric Mauny, Cybersecurity Lead at Proximus NXT. “Unfortunately, this trend is also accompanied by an increase in attempted attacks. The COVID-19 crisis has highlighted this, with a surge in cyberattack opportunities linked to online financial transactions.”
Four Key Challenges for Securing E-Commerce
It is therefore essential for any online organization to protect both its business and its customers by focusing on four key challenges.
“The first is ensuring the confidentiality of communications, the second is maintaining data integrity, the third is ensuring service availability, and the fourth is guaranteeing traceability of operations,” summarizes Cédric Mauny.
A data breach can severely damage the reputation of an e-commerce platform and threaten its long-term viability. “Customer data is now highly sought after by cybercriminals. They use it directly or resell it to other malicious actors who exploit it in turn. We are witnessing the emergence of a real cybercrime market,” he explains.
In this context, e-commerce businesses must protect all the data they handle, some of which is highly sensitive. “One recommendation is to minimize the amount of data collected. The more data you store, the higher the risks—and the higher the protection costs. This is even more critical when considering GDPR requirements for personal data protection.”
Facing Well-Informed Cybercriminals
The availability of an e-commerce service can also be compromised in several ways. For example, ransomware (cryptolocker) can encrypt all company data. Garmin was recently a victim of such an attack. Distributed Denial of Service (DDoS) attacks, which overload systems by flooding them with requests, can also occur. In both cases, the organization becomes paralyzed.
“Cybercriminals then offer transactions to unlock data or stop malicious traffic,” continues Cédric Mauny. “They are often highly aware of the potential impact, especially knowing what revenue losses can mean for an e-commerce platform during peak periods such as the end-of-year holiday season.”
Prevent, Detect, Respond, Improve Security
Companies must therefore be aware of these risks and implement appropriate preventive measures.
“For example, it is possible to deploy solutions that distinguish legitimate traffic from malicious requests at the internet connectivity level, ensuring that real customers can access the service without disruption during their purchasing journey,” explains Cédric Mauny.
It is also essential to secure platforms by conducting risk analyses, security testing, and verification at each stage of development to ensure the robustness of implemented controls. Continuous monitoring is also necessary to detect suspicious behavior.
If adequate preventive measures are not in place, companies may suffer a security incident that can jeopardize their entire business. This can lead to both financial losses and reputational damage.
Cyber insurance solutions exist to cover system recovery costs, regulatory notification expenses, and revenue loss. However, as Cédric Mauny points out, it is important to remember that no reactive approach can provide a better return on investment than a preventive one.
Ensuring, Preserving, and Strengthening Trust
“Security concerns not only internal company systems but also its partners, such as those involved in transaction processing and payments. Every link in the chain must meet the same level of security standards. Customer trust is at stake,” concludes Cédric Mauny.
“If a customer experiences a data breach or poor service, they will turn to a competitor. Over time, the losses can therefore be enormous. Companies must continuously ensure, preserve, and strengthen customer trust.”
It is therefore essential for organizations to reassure customers about their ability to manage security effectively.
In the current context and in the future, protecting online business and customers requires better risk prevention. It is crucial to implement measures that enable rapid detection of anomalies, provide effective incident response, and embed security into a continuous improvement approach.