E-commerce is booming. Global retail e-commerce sales reached $4.9 trillion in 2021, and they are forecast to increase to around $7.4 trillion by 2025. However, with businesses moving to the digital space, there comes an increased risk of cyberattacks, such as distributed denial-of-service (DDoS) or ransomware attacks. In fact, apart from ransomware attacks, the biggest problem companies face these days are DDoS attacks.
A DDoS attack basically overwhelms a network with requests, forcing it to shut down or malfunction. This is further exacerbated due to the fact that more and more people are working remotely. Proper cyber hygiene is often neglected, especially in industries where it wasn’t common previously.
Having proper cyber security measures in place is more important than ever, especially for online businesses, such as e-commerce companies, online retailers, or other organizations that operate digital business models. Businesses that are entirely reliant on being available online are hit the hardest by cyberattacks and their repercussions.
Many small businesses are not properly protected
According to an international survey of 1,300 SMB owners, around 54 percent of all small businesses do not have implemented any cyber resilience strategies. With this in mind, it’s not surprising that cyberattacks tend to be aimed at small businesses.
In fact, CNBC reported that 43 percent of cyberattacks in 2020 were aimed at small businesses, including many e-commerce businesses. E-commerce websites will always be an attractive target for cyberattacks since they naturally deal with a lot of personal and financial data.
Unfortunately, e-commerce businesses are also hit particularly hard by cyberattacks. According to the 2020 Cisco Small and Medium-Sized Business Report, around 24 percent of small businesses and 31 percent of larger organizations suffer at least eight hours of downtime as a result of cyberattacks. This downtime can result in huge losses, especially for e-commerce businesses.
Literally, each second an e-commerce business is offline is increasing the financial damages that are being caused since downtime means that consumers can not place orders, and, as time progresses, reputation is going down the drain, too.
Data clearly shows that neglecting cyber security measures is going to cost companies extraordinary amounts of money in the long run. According to Statista, the global average cost of a data breach was over $4.2 million in 2021, which is around a 10 percent increase over the roughly $3.8 million it cost in 2020. With single attacks resulting in such high financial losses, cyber security should be an online business’s top priority.
Online businesses need proper protection
While they can be used purely to shut down a website or interrupt service, DDoS attacks are also often used to hide other attacks, like ransomware hacks. A DDoS attack can keep a company’s IT team busy for a while if it isn’t adequately prepared.
This poses a very high risk, especially for e-commerce businesses since more than 90 percent of attacks are financially driven and there is a lot of personal data to be gained from e-commerce businesses. So, if a DDoS attack is camouflaging a hack that is looking to get banking details, credit details, and other personal information, it can get messy very quickly if the IT team does not realize what is going on.
Further, as a consequence of tighter privacy regulations, such as GDPR or CCPA, a successful attack is not only going to translate into immediate costs due to lost revenue and efforts to recover the affected systems. Fines and legal fees in the aftermath represent another major drawback.
While cyber security measures are always evolving, so are cyberattacks. Cyberattacks are becoming a lot more sophisticated and can be way more intricate than simple DDoS brute force attacks.
Lastly, digital value chains increasingly rely upon application programming interface (API) interaction, for example, to allow a seamless process toward a payment provider or a shipping company once a purchase order has been placed. There are use cases in abundance.
However, unlike a DDoS attack on large corporate infrastructure, it doesn’t need a lot of bandwidth in order to overwhelm an API. In fact, the API turns into the weakest link of the supply chain, and even a tiny little attack can bring the entire process to a complete standstill with next to no effort.
In light of the evolving threats, it is of utmost importance that e-commerce businesses, and especially small businesses, properly protect their operations. Security systems that utilize artificial intelligence and machine learning are the future of cyber security.
About the author
Marc Wilczek is the COO of Link11, which is a leading IT security provider in the field of protecting web services and digital infrastructures against cyber-attacks. With its North American headquarters in Vancouver, the company offers fully automated, cloud-based anti-DDoS protection with the fastest Time to Mitigate (TTM) available on the market. Link11 utilizes AI and machine learning to ensure that its TTM accurately recognizes malicious traffic as fast as possible.
Wilczek has more than two decades of leadership and management experience. At Link11, he is responsible for strategic business development, growth initiatives as well as marketing and sales. In addition to management functions within the Deutsche Telekom Group, he was previously Senior Vice President Asia-Pacific/Latin America/Middle East and Africa at the eHealth group CompuGroup Medical and headed the Asian business at the IT security expert Utimaco Safeware (now Sophos), among others. Wilczek has a Master of Science in Management from London Business School and attended as a Sloan Fellow.