Cyber security for the E-Commerce industry.

The e-commerce industry continues to be the primary focus of cyberattacks, with one in three experiencing a successful attack each year. E-commerce security aims to protect businesses from cybersecurity attacks and safeguard customers’ data by ensuring safe and secure online transactions.


The three pillars of e-commerce business are:

  1. Confidentiality – ensuring customer data is not accessed by unauthorised third parties
  2. Authentication – evidence that the customer and e-commerce company are real and complete their part of the transaction
  3. Data integrity – customer information should remain unedited and as-given

Cybersecurity issues in the e-Commerce industry

The cybersecurity issues facing the e-commerce industry include:

  • Phishing – These attacks intend to gain confidential information through email requests that appear official and genuine. The attacks are conducted on a massive scale to weed out the small percentage of recipients who will fall for the attack.
  • Spearphishing – An evolution of the phishing technique, spearphishing targets e-commerce sites and uses specific information, such as the individual’s job title and co-worker names, to create a compellingly genuine email.

Further cybersecurity issues facing e-commerce firms include DoS and DDoS attacks, malware, SQL injection, cross-site scripting, and brute force attacks.


Serious cyberattacks on the e-Commerce industry

In 2014, eBay was hacked with attackers acquiring the personal information and passwords of all registered users. This enabled the attackers to launch brute force attacks on user accounts held elsewhere, making them vulnerable to identity theft and account hijacking.


The eBay attack was enabled by a 2010 spearphishing attack of Romanian origin. The spearphishing attack gained the credentials of six eBay employees.


How to combat cyberattacks 

E-commerce businesses need a multi-pronged strategy to ensure security against cyberattacks:

  • Multi-layer security – Implementing several layers of defence strengthens your overall security standing. Layers may include introducing two-factor authentication or a Content Delivery Network.
  • HTTPS and Secure Sockets Layer (SSL) certificates – These encrypt sensitive data that is shared over the internet. Without SSL certificates, hackers can attack data in transit, such as bank card numbers, usernames, and passwords.
  • Rock-solid firewalls – These regulate the flow of website traffic to and from your network and block untrusted networks.
  • Anti-malware and anti-virus software – These block and detect malicious software with automated or manually instructed system scans.
  • Comply with PCI-DSS requirements – The Payment Card Industry Data Security Standard must be followed by any e-commerce business that handles credit card transactions. The standard requires you to protect cardholder data, regularly monitor and test your network, and maintain a secure network, vulnerability management program, and information security policy.

If you are interested in tackling cyberattacks, get in touch with us. We can offer your business Penetration Testing and Cyber Essentials.
