Search Blog for

Holidays Are Coming – the State of Security for E-commerce in 2020
:

Holidays Are Coming – the State of Security for E-commerce in 2020

With the Coronavirus pandemic driving consumers online, a new report from Imperva reveals how this year’s holiday shopping season will present online retailers with a level of traffic – and cyber-attack threats – like they’ve never seen before.

Among the many effects of COVID-19 has been a huge increase in e-commerce business. Lockdown measures have seen consumers increasingly turn to online retailers for reasons of safety and convenience. Web traffic to retail sites spiked by as much as 28 percent on the weekly average.

However, Imperva’s Cyber Threat Index (CTI) shows that, as the volume of online sales has risen, so too has the number of cyber-attacks on online retailers. With cybercriminals capitalizing on the shift in shopping habits, attacks on e-commerce sites at the beginning of lockdown in March surpassed the previous peak, around Black Friday and Cyber Monday 2019.

Unprecedented peak

As this year’s holiday season approaches, retailers must prepare for a Black Friday like no other. Imperva Research Labs has published a new threat intelligence report illustrating the varying cybersecurity attack risks facing the retail industry, and the impact the global pandemic has had on the volume of attacks and web traffic. “The State of Security within E-commerce” suggests levels of traffic throughout the holiday shopping season will reach an unprecedented peak as a flood of consumers turn to online channels to purchase goods.

Among its findings, the report details several concerning cyber-attack trends, including:

  • Bad bots abusing websites, mobile apps, and APIs – A majority of the attacks detailed in the report originate from automated bot activity. A top threat to online retailers, it’s a trend that has remained consistent before and during the pandemic.
  • API attacks – An attractive target due to the sensitive payment data they hold, the volume of attacks on retailers’ APIs far exceeded average levels this year.
  • Web attacks – Cyber-attacks targeting websites reached record levels in 2020. The vast majority of these were carried out against retail sites hosted in the United States by attackers using anonymity frameworks, commonly used to conceal an attacker’s identity.
  • DDoS attacks – Imperva researchers monitored an average of eight application layer DDoS attacks a month against retail sites, with a significant peak in April 2020 as lockdown measures led to an increase in demand for online shopping.
  • Account takeover (ATO) attacks – Online retailers experienced more than twice as many ATO attempts than any other industry this year, with criminals using considerably more leaked credentials due to their guaranteed higher success rate.
  • Client-side attacks – Many online retail sites are built on CMS frameworks with a plethora of third-party plug-ins. On average, 31 JavaScript resources are used per site, making retailers vulnerable to forms of supply chain fraud such as formjacking, data-skimming, and Magecart attacks.

Investing in protection

The impact of COVID-19 means that, during the upcoming holiday shopping season, the retail industry is likely to experience a peak in human and attack traffic that exceeds anything measured this year and unlike anything in recent memory. But, investing in an integrated platform like Imperva Application Security, that provides protection against the leading attacks and optimizes web performance, will help retailers operate efficiently and securely throughout the holidays and beyond.
For more details on the types of threats faced by online retailers in 2020, and what they can do to prepare for them, you can download The State of Security within E-commerce report here.