Magento 1 End of Life - With one week to go, here are the facts.

We conduct monthly monitoring of the security status of the websites within our eCommerce “universe” dataset - last month we checked over 8.4 million sites within our universe scan and these are the summary results, with a particular focus on Magento 1:

Total number of Magento 1 sites being monitored: 218,722

CRITICAL RISK sites: 3,166
(Note: CRITICAL RISK means the site is hacked and payment data is being actively stolen right now)

CRITICAL Risk Magento 1: 2,040
Most prevalent card harvesting malware: Skimmers (over 3,000 found in 3,166 hacked sites)

Sites at HIGH RISK of being hacked: 708,451
HIGH RISK Magento 1: 206,021

The facts are that:

• Magento 1 sites make up 64% of the hacked sites globally - we’re talking about hacked sites with active theft of payment card data taking place.
• 95% of Magento 1 sites are categorised as either HIGH or CRITICAL Risk.
• Criminals are targeting Magento 1 - there is no doubt about this.

What else?

Both Visa and Mastercard have said that they will not accept Magento 1 sites as being PCI Compliant, without compensating controls.

So what does this mean for Magento 1 websites?

• In short, the criminals are targeting these sites as most of them are exhibiting some form of weakness/vulnerability from a security perspective.
• The industry is getting increasingly concerned that the numbers of breached Magento 1 websites is going to increase and possibly accelerate as time passes.
• Magento 1 websites need to weigh up their options if they haven’t done so already.

Migration is a challenge - we understand, from speaking with a large number of merchants, that migration from Magento 1 to Magento 2 is the easiest option, but even then it needs careful planning, and consideration to ensure that the site is successfully migrated across. Without losing the years of investment in SEO and so on… In short, migration is vital, but it needs time, planning and care.

What do Magento 1 websites do in the meantime?

Our advice is to secure and insure.

• Secure - lock down the website and implement an effective website security solution. We are offering all Magento 1 websites short term assistance with our solution set - you can sign up here for free for 2 months. Our solutions also come with a breach protection warranty.
• Insure - make sure your business has cyber liability insurance that will cover a data breach and the associated costs. A breach can be devastating for a small/medium business - in fact, according to Inc magazine, 60% of small to medium sized businesses that get breached are closed down within 6 months. Insurance is vital - especially while you remain on Magento 1. Highly recommended once you’ve migrated, but you should not consider allowing another day to pass without ensuring your business is appropriately insured. Your business survival may depend on it.

Your business may not be migrating before the End of Life deadline in a week, but you can take steps to ensure you are mitigating the risks. We’re here to help - we have well over a decade experience in helping eCommerce businesses defend against criminals and we’d be very happy to help you too.

For more information check out our Foregenix WebScan Industry Update June 2020 and join our
Magento 1 End of Life: How to Avoid Card-harvesting Malware Breaches webinar on 29th Jun 2020.