Holiday "to-do list" for cybersecurity professionals working in eCommerce | Imperva

Holiday “to-do list” for cybersecurity professionals working in eCommerce

The period from mid-November to the end of the year is always particularly stressful for cybersecurity professionals in the eCommerce space. It seems like every hacker and cyber criminal on earth is trying even harder to steal customers’ data or stop digital business operations. It seems that way because that is exactly what they are doing. The holiday period is a ‘perfect storm’ for bad actors to make mischief for eCommerce enterprises. For online retailers who do most of their business in the last two months of the year, insufficient security poses an existential threat.

The State of Security within eCommerce in 2021 delivers the findings of 12 months of data monitoring and research from Imperva’s global network, collected from more than 360 million web application attacks across trillions of HTTP requests. This expert analysis enables you to gain insight into the nature and impact of attacks targeting your organization. These insights will help your organization identify the steps necessary to mitigate data breaches and operate at peak efficiency when more shoppers are on your websites than at any other time of the year. Download the report here.

There are practices that security professionals can implement today that will help mitigate DDoS attacks, bad bot attacks, and other malicious activity that results in data theft and customers’ inability to acquire the products they want from your eCommerce website. Here are six “to-do list” items you can start working on right now:

  1. Stress-test your infrastructure in advance of high traffic volume and make sure you are properly protecting against DDoS attacks across all web resources, including DNS.
  2. Put a bot management solution in place to allow only legitimate customers into your website. Otherwise, advanced bots will try to scoop up your products and prevent legitimate users from buying.
  3. Ensure user passwords require a minimum number of characters, use of capitals, numbers, symbols, etc. Implement multi-factor authentication (MFA) and encourage customers to use it.
  4. Ensure new pages like login pages, checkout forms, and gift card functionality are properly protected by a bot mitigation solution.
  5. Consider using a specialized tool to help identify and assess the risks of JavaScript-based services, as well as enable you to block unauthorized ones from executing. Targeting eCommerce sites with a lot of transactions during times of high traffic is an ideal strategy for attackers.
  6. Beware of holiday phishing. Bad actors can masquerade as your brand, sending fake emails that offer coupons and gift cards. Alert customers and employees to any suspicious campaign making use of your brand.

Download this infographic to learn more about the state of security in eCommerce and get a convenient single sheet containing this “to-do list”.