Let’s help secure the Magento Community - Advice & Resources
What we do
We have a mission to make cyberspace safe for everyone and it guides us in all of our client relationships - from card brands, to some of the largest fintech organisations in the world, through to some of the smallest online businesses in the world.
We also have a very active Threat Intelligence Group finding and analysing new threats to keep our clients safe. One of our solutions that benefits from this Threat Intel feed is called WebScan. Initially designed as a free scanner for website owners to get a quick understanding of their website security posture, it now monitors over 10,000,000 websites each month. It uses every single “Indicator of Compromise” our team has gathered through 10 years of forensic work and intensive Threat Intelligence research. As a side note, as a result of all this exposure on the “front lines”, we believe we have the most comprehensive capability to detect “badness” in websites, globally.
This unique visibility into the eCommerce landscape around the world helps us to see early trends on new malware, understand which platforms/frameworks are being targeted and how many - and which - sites are hacked with payment data being stolen transaction by transaction.
How we can help
One of the most versatile and powerful frameworks out there - Magento - is the current target (and has been for some time).
Having analysed the various reasons why these Magento sites are getting hacked, it’s clear that developers and website owners simply need some basic cybersecurity education to change the risk profile of their sites. We’re not talking major changes or "AI-led, expensive" security. We’re talking about changing the defaults when setting up the site, using multi-factor authentication (arguably one of the best bang-for-buck controls) and keeping the website up to date.
With Magento 1 having reached End Of Life last month, the challenge for websites sticking to Magento 1 is that they are going to need to do more to mitigate risk as Magento will not be releasing any more security patches.
We are tracking the security status of Magento 1 sites around the world and, at the time of writing this, there are over 200,000 Magento 1 sites still transacting.
So, we have produced a resource for them - free advice and a regularly updated Magento Website Security Report, so that they - and the whole industry - can see the migration numbers, the hacked numbers and the High Risk numbers (currently 95% of all Magento 1 sites are what we categorise as High Risk).
You can download the report here. No gate, no email required - it’s a free resource for you.
We hope it helps.
If you need any more information on it, please get in touch at firstname.lastname@example.org.