eCommerce Cyber Security – Keeping Magento Secure

If you are a retailer using the Magento platform to do business online, this article is essential reading for understanding why your eCommerce store needs appropriate cyber security. Read on to keep your data, and your customers' data, under lock and key.

If you are running Magento, you will know that a big deadline is looming. After June 2020 the Magento 1 platform will no longer be supported by Magento for updates. 

In addition, it is estimated that following this deadline there is likely to be a huge wave of attacks on M1 platform eCommerce stores. This makes now a more important time than ever to nail your site security.

Cyber Security Threats On The Increase

Your eCommerce store could come under attack sooner than you think. Cyber attacks have been on a huge increase recently across the board.

In June 2019, Magento 2 store hacks spiked from fewer than 50 per month (on average) to nearly 300 in that month alone. In the months that followed, news was published about card skimming hacks that steal customer payment information to be used fraudulently and for identity theft.

It seems Magento are working hard for you too. More and more security vulnerabilities are also being identified and patched by Adobe and Magento, with 130 addressed in that same month across 2 patch releases.

Act Now To Secure Your Magento eCommerce Store

First of all, patch and update promptly. When new security patches are released for Magento they are there for a reason, such as the ones mentioned above!

Keeping your Magento store up to the latest versions will mean your site is protected against new threats that are emerging all the time.

Choosing a Magento support partner like Yoma means that you can relax in the knowledge that we will always let you know when new updates and security patches require installation.

But how does the current landscape look? In addition, what else should you be doing to secure your site against hackers and thieves? As well as providing industry-leading Magento Support and Maintenance to keep your site secure, YOMA have collaborated with some of the greatest and best cyber security experts to advise on what you could do to improve. 

The Online Cyber Security Threat Landscape 

The online threat landscape is incredibly dense and constantly evolving, and cyber-crime has never been a more pressing threat to online businesses and their data as attacks grow in frequency, volume and sophistication.

Taking precautions against cyber-attacks is vitally important for any business with an online presence and even more so if you host business-critical and revenue generating services online.

Downtime during and after a cyber-attack can have a huge impact on revenue and productivity, not to mention the negative impact on the integrity of your brand, lost customer confidence and the cost of recovering systems.

Add to this the introduction of the General Data Protection Regulation (GDPR) in 2018, with rigorous revamps in the laws and significant fines for data breaches, and you have a number of persuasive arguments for investing in specialist support, advice and technology to tighten your online security measures and processes.

Starting with the Obvious: SSL (Secure Socket Layer) Encryption

If you’re a webmaster you will have known for years how essential having an SSL certificate is for your site. But what is one? And, what does it do?

An SSL certificate on an eCommerce store ensures that sensitive pieces of data are protected. We’re talking data like passwords, addresses, credit card information and more. 

When an SSL certificate is present, data sent between the customer's browser and your site is encrypted and therefore far harder for hackers to intercept. The certificate also carries a key that is used to validate the identity of the server.

Over the last few years, companies like Google have pushed the internet hard to adopt SSL. For example, the presence of an SSL certificate is now one of the factors in Google's search ranking algorithm, meaning a site with an SSL certificate could be prioritised in rankings over a site without one in a like-for-like search. An SSL certificate is definitely a must-have!

First Line Protection Using a WAF (Web Application Firewall)

A great way to start protecting your site from threats is to monitor and stop suspicious traffic before it reaches it. A web application firewall does this for you by monitoring traffic to your website and filtering out potential threats before they can pounce.

This can help protect you from code injection and SQL injection hacks to name a few. 

Why is it important? Sucuri Website Security provide world-leading website protection; here's their answer:

“Utilizing a WAF is not only important for protecting against known and zero-day attacks, it will also buy you time through virtual patching. This prevents vulnerability exploitation during the planning of the deployment of periodic security updates. It also keeps the website safe during a major migration, such as upgrading from Magento 1, which will reach its EOS in 2020.

Even after Magento stops supporting version 1, our Vulnerability Research Team will continue analyzing potential vulnerabilities against Magento 1 and releasing virtual patches for them to users of the Sucuri WAF.”

Fioravante Souza, Threat Research Manager @sucurilabs 

A Layered Security Approach

Effective security is layered and deep, covering a range of vulnerabilities.

Attacks against your website and server infrastructure can take a huge variety of forms including viruses, malware, ransomware, DDoS attacks and exploits of vulnerabilities in technology frameworks such as Magento and WordPress or even the chip sets of web servers, like the Meltdown and Spectre issues of 2018.

Threats can also be internal to an organisation, with consequences just as serious as the more headline-grabbing external attacks. A common issue is the misconfiguration of server and security settings, either intentionally or through lack of knowledge and experience.

A layered approach to online security seeks to protect against this variety of threats and create security strength in depth, moving beyond the digital to also include physical security, monitoring, reporting, regular reviews and updates. 

Achieving Layered Security

Expert advice, configuration and management by your hosting provider can provide a huge boost to achieving this level of commitment to on-going online security.

A specialist provider will be able to offer physically secure data centre infrastructure, a secure by design hosting platform and network security such as Internet facing firewalls and isolated internal networking, along with regular security monitoring, updates and patching to minimise your exposure to threats.

In addition to this, the team at Secura have also implemented a fully managed suite of industry leading security technologies on our hosted infrastructure to protect against a full range of online threats. This Web Protect suite brings together DDoS mitigation, network intrusion detection, exploit and vulnerability scanning, anti-virus, malware and ransomware software, as well as robust data encryption.

Finally, it is vital that businesses consider the on-going management, configuration and reporting of security services. Security, like the threats it seeks to combat, needs to evolve, change and grow over time to remain effective.

A specialist hosting partner can take ownership of the regular reviews, monitoring and reporting that are a vital part of the overall security process, reducing the impact on the internal IT team and offering expert insight on its future development and direction to keep the business's online assets secure.

Secura specialise in hosting critical web applications. Our highly secure Virtual Private Cloud hosting underpins applications with incredible flexibility and resilience, offering the scale, security and commercial flexibility that businesses need to grow quickly, without restrictions and restraints.

Secura are ISO 27001, ISO 9001 and ISO 20000 accredited, a Microsoft Gold Cloud Platform Partner, a VMware Enterprise Service Provider and winner of VMware’s VCPP Cloud Partner of the Year 2019.

The Future of Cyber Security Within eCommerce

Your eCommerce store is a frontline in the ongoing battle against cyber security threats.

We can only predict what the future will bring but ensuring your store is a virtual fortress now will certainly help for the future.

Building your virtual fortress means working with security and support partners like Yoma, Secura and Sucuri to protect your site. Contact us today for a free consultation.