Why E-Commerce Companies Should Prioritise Cybersecurity

Dickson Woo, Country Manager of Fortinet Malaysia

The push to fast-track digitalisation plans at the height of the pandemic points to the efforts of retailer companies to respond to the consumers’ changing purchase behaviour and spending patterns. As consumers switch to e-commerce and online shopping, retailers have adjusted their digitalisation plans to ensure that they are equipped to meet the current needs of the business. However, amid the increased IT investment to improve customer relationships, enhance order and product management and tap insights from data assets using analytics, retailers also need to invest in security solutions that provide end-to-end visibility and implement strategies to boost cybersecurity capabilities without impacting performance. 

As e-commerce gains a foothold in Southeast Asia, cybercriminals have taken advantage of the influx of online shopping activities by launching cyber attacks targeting retailers and e-commerce companies within the region. In Malaysia, for instance, Bukit Aman Commercial Crime Investigation Department’s (JSJK) investigator ASP Mohd Sa’adon Sabirin shared that a total of 8,162 cases of e-commerce fraud, with losses amounting to RM57.73 million, had been reported as of October last year. The number of incidents has increased since 2020, when there were a total of 5,848 cases involving a total loss of RM35.88 million.

Moreover, companies in the region are expanding their digital footprint by leveraging e-commerce platforms and partnering with service providers and contractors to meet the needs of their customers better. However, without a reliable cybersecurity solution in place, e-commerce platforms can serve as an attack vector for threat actors. In 2019, two rogue employees of Malaysian e-commerce services provider GoQuo were identified as the culprits behind a security breach that compromised the personal data of Malindo Air and Thai Lion Air passengers, affecting around 21 to 30 million passengers.

Tackling the unique challenges of the e-commerce industry

With so many moving parts, e-commerce systems tend to be complicated and may contain supporting software and plug-ins that are sometimes managed and patched independently from the primary e-commerce application or website. Retailers using a single application suite can easily upgrade the system, but in more complicated systems, the apps, websites, databases, plug-ins and supply chain software have to be first managed, then checked for vulnerabilities, before each component can be upgraded. In a best-case scenario, all a retailer has to do is upgrade a plug-in. However, this is not usually the case, and upgrades can be challenging because applications have been customised or deeply integrated into the system itself. Even seasoned security professionals have a difficult time securing all pieces of these complicated systems, and sometimes vulnerabilities remain unpatched for a long time.

Cyber attackers are aware of this and they can leverage this challenge to infiltrate e-commerce systems and platforms. Retailers must take a proactive stance by implementing application scans and auto-patching functions to help identify vulnerabilities, strengthen endpoint security and reduce attack surfaces. 

Hackers are Eyeing Payment Applications 

At the same time, cybercriminals are targeting e-wallets and payment apps to steal financial data and money. Fake e-commerce sites are quickly becoming the latest threat to consumers, and they cover a wide range of products to lure potential buyers. Fortinet’s threat intelligence unit, FortiGuard Labs, has observed more and more scams involving counterfeit websites that appear to be legitimate e-commerce sites. These scam websites impersonate the look and feel of the world’s largest companies and their respective trademarks to compel and lure victims into making purchases from their site.

As a result, several e-commerce platforms have developed built-in payment solutions such as GrabPay, ShopeePay and FavePay to prevent credit card scams and implemented multiple identity authentication steps to eliminate the risk of one-time passwords (OTP) or unauthorised access to online banking portals. To optimise the benefits of digital payment apps, brands and e-commerce platforms should recognise the risks involved in using digital payment methods and comply with industry regulations to protect their customers’ financial information. Setting up firewalls to seal off the company network against malicious files or utilising data encryption in transmitting sensitive information are some of the steps e-commerce companies and retailers can leverage to keep customer payment information out of the hands of attackers.

Basic Cyber Hygiene is Key

Lastly, educating consumers on how to safeguard their data is an essential step. While the use of security protocols and advanced encryption to safeguard user information is prevalent, cybercriminals may still gain access to someone’s digital wallets and accounts through stolen credentials and malware or botnets installed on mobile devices. Thus, e-commerce companies and retailers should also teach users to spot suspicious activities such as phishing, online shopping scams and unauthorised transactions. With awareness of the security issues affecting the retail sector, e-commerce companies and retailers should empower their customers to take an active role in protecting their data.

E-commerce revenue in Malaysia reached a total of USD4 billion in 2020 and is expected to reach USD12.6 billion by 2024. To ensure sustained growth, securing platforms and improving cyber hygiene is key for both retailers and e-commerce platforms. Retailers and e-commerce companies managing multiple locations with limited IT staff must operate with a high level of automation. They should also aim for zero-touch deployment to save time and achieve network-wide visibility and control from a single security platform dashboard.

Security must be baked into the framework of a digital strategy to protect the data assets of the company, as well as win and retain the consumers’ trust and confidence. Without a robust cybersecurity plan, organisations may end up losing the resources that they had fought to save when digitalisation plans were initially implemented. This fact alone should be of concern for any digital business, especially those in the e-commerce space. Thus, it is imperative for retailers to use a unified platform that enables businesses to monitor and secure every possible attack vector across the network’s IT environment.
