Hollywood has painted the world of hacking as a slick, complex, world of nation state attackers using undetectable, 0-day attacks against large corporate organisations. Whilst sometimes that's exactly the case, most of the time it's not like that at all. We’re seeing focused and organised criminal groups performing exploits of often very old vulnerabilities against smaller companies and merchants. Most of the entities being breached never gain media attention and small/medium sized businesses are being decimated by hackers every day.
The problem is; most of these breaches are avoidable. Regular patching and updates to Internet exposed websites would dramatically reduce the likelihood of being hacked. Yet our research confirms the bulk of ecommerce merchants are not doing this!