As a qualified PFI with the largest Forensic team in Europe, we are continually honing our skills and expertise in tackling the ever-evolving cybercrime world on the front line. Cybercrime heavily affects everyone involved, be it the company getting hacked or the user’s details being stolen.
Here are some quick facts and figures
- Foregenix forensic caseload for 2014 was passed by Jun 2015.
- 65% of 2015 PFI cases involved compromised ecommerce sites.
- 80% of breaches investigated are UK based.
- The increasing attacks vectors are still application vulnerabilities, SQL injection and remote command execution.
Continuing with the e-commerce trend…
So why isn’t every company on top of their cyber security? Likely because your business sells car parts or bespoke curtains and blinds - our Forensics team can’t fit you a new cam belt or make you bespoke roman blinds and eyelet curtains, and the principle is largely the same in reverse. It’s important to seek experts for the things you don’t know. A common misconception is that speaking to Security Experts will be costly, and to a degree you would be right, which is why for the same reason you can now order bespoke made to measure curtains online and fit them via a YouTube step-by-step guide. Similarly, you can use technology for a fraction of the cost of a security consultant.
With the popularity of off-the shelf ecommerce platforms increasing, so does the efficiency of vulnerabilities, coupled with the fact that exploits now spread like wildfire with media attention and social media outlets. There is a classic misconception - because you are using a well-known brand and/or well-known third parties that the overall responsibility of your business and client data does not sit with you; the demarcation of responsibility is no longer black and white. Quite simply, broadly speaking, there is a lack of basic security controls and security mind-set in the e-commerce world - we often see the response “what is PCI DSS?” Lots of SME’s believe security to be in a physical sense and spend a fortune on alarms, CCTV, Locks etc., when in actual fact the real threat is in the cyber world where the monetary costs and fines can be enormous, along with the company’s reputation being damaged and lots of other unquantifiable issues that you will become aware off.
The Cyber Security Starter Kit
Most attacks we see are extremely simple to execute and by the same token, relatively simple to prevent.
- A large proportion of attacks can be avoided by implementing a Web Application Firewall (WAF) to protect your website.
- Secondly, most attacks involve modifying a website, loading malware, web shells or backdoors, all of which can be very quickly detected by simply setting up a File Integrity Monitoring service on your website. This will help to immediately protect your website by alerting you when any changes are made - authorised or unauthorised.
- Malware scanning and card data scanning are also very important and help to further protect your website.
- Web log monitoring will help you to identify any abnormal behaviour on your website – usually an early warning of an attack.
Implementing these 4 controls will help to detect the vast majority of e-commerce breaches and will provide an extremely secure environment; it is however not a silver bullet and security awareness is key. In the same way you would tell your employees to ensure they lock the office up and ensure all alarms are activated, you should also make sure that they are aware of security best practices in the e-commerce world.
Referring back to the beginning of this blog, it is important to do your homework and look for the right technologies and services that will help your business. Foregenix have created a tool called ‘FGX-Web’ which, aside from providing essential protection and security monitoring, forms a critical part of our forensic investigations. It enables our team to quickly gather forensic telemetry, supplying critical information they need to be able to secure an infected website.
Intelligent Ecommerce Security
Not only does FGX-Web protect and alert you from the get-go, it’s also constantly evolving. Our Forensic team uses it daily, so whenever we find a new vulnerability FGX-Web gets updated to search all current users for the same vulnerability. We call this “Community Health”. As well as this, you can also use your own custom parameters.
FGX-Web Protect comes free for a year within our Forensic Investigations packages, offering all of the above-mentioned controls and much more. Read more about FGX-Web here or call 0845 309 6232 to speak to one of our experienced team.