CIOReview
NOVEMBER 2021

attack. There are a number of ways in which an E-Commerce business is exposed to cyber-attacks by threat actors ranging from cyber criminals and fraudsters to hacktivists. It is imperative for E-Commerce businesses to give due importance to managing cyber risk by investing in the optimum security technology and by implementing and maintaining effective processes with the help of skilled and experienced cyber security experts.

While most E-Commerce businesses deploy basic security controls like anti-malware, Web Application Firewall, anti-DDoS protection and encryption of sensitive information, they must also consider additional security controls to minimise their cyber risk:

- Know your assets and attack surface: make an inventory of all the E-Commerce applications, APIs, third-party scripts and integrations.
- Monitor and apply the latest updates and patches after due as soon as possible to reduce the time window for Zero-Day vulnerabilities being exploited.
- Reduce your attack surface by taking down unused servers, webpages, scripts and APIs.
- Protect the APIs by testing them and by using authentication, encryption and API gateways where required.
- Verify signatures and run integrity checks on public software libraries and plug-ins before integration.
- Train the application development team on secure coding practices and incorporate application security testing in the DevOps process. Applications should be secure by design.
- Use a PCI-DSS certified payment gateway and processor to protect against web skimming attacks, and do not store card data on your portal.
- Identify applicable regulations and ensure compliance, as more countries are bringing in stringent laws and regulations to protect their citizens' data.
- Continuous monitoring and periodic testing of your E-Commerce portal using skilled resources is very important.
- Incident response processes must be documented and tested regularly for effectiveness.

While these controls may seem daunting, especially for small businesses, such businesses can leverage managed security service providers.

Popular brands are often targeted by cyber criminals who create fake E-Commerce websites and defraud consumers. Businesses must monitor against brand infringements with the help of threat intelligence and brand monitoring services. In addition, businesses need to evaluate their cyber risk exposure in financial terms and ensure adequate cyber insurance cover.

The first and last line of defence are humans, hence educating and training not only the employees but also the consumers is a crucial aspect of cyber-security controls. Security controls like multi-factor authentication are often looked upon as unnecessary overheads by the business and considered an impediment to customer convenience. However, these controls protect customers from stolen credentials being misused. Balancing security controls and user convenience is an art which businesses need to master.

Business runs on customers' trust! In E-Commerce business, ensuring a secure shopping experience is fundamental to sustaining this trust.

Security is not a one-time investment. Appropriate, thoughtful and systematic investment in cyber security will go a long way in remaining competitive in business and in protecting and enhancing the brand value.

Parag Deodhar