At first glance, the types of threats that eCommerce retailers are exposed to seem quite varied. There are stories about eCommerce hacking rapidly growing, and others about the dangers of instant messaging apps getting hacked.
However, if you look a little more deeply, you’ll see that many of the common types of cyberattacks, particularly those that affect eCommerce stores, have one thing in common: they take advantage of cloud storage.
This seemingly simple fact has huge implications for eCommerce security. In this article, we look at the key types of threats that you need to be aware of when using any kind of cloud storage solution.
“Attack surface area” is a key term in the cybersecurity community, but it is also a piece of jargon that it can be difficult for beginners to understand. It describes the number of ways that a hacker can target your systems or business.
Cloud storage and software solutions greatly increase your attack surface area. The more systems you move to the cloud, the more data you are exchanging with third-party servers, and the more likely it is that this data will be intercepted.
This is particularly true if you are making use of certain forms of novel technology and working practices. For instance, the Internet of Things (IoT) relies on the cloud at a fundamental level and is particularly susceptible to hacking.
Recent internet usage data indicate that the Internet of Things will comprise 20.6 billion devices by the end of 2020. These types of attacks are likely to increase. Equally, if any of your employees work remotely, they are increasing your attack surface area because they are going to be sending higher levels of sensitive data to the cloud.
Thankfully, there are also ways to reduce this risk.
Encrypting your connections by using a VPN is a good way to stay safe when working remotely, as is ensuring that all of your cloud storage is also encrypted.
The way cloud services are built can make it easy for hackers to access other parts of your infrastructure once they have gained access to one system. This kind of “lateral attack” is most often mentioned in relation to consumer-level hacks. This is where an attacker will attempt to compromise cloud-based email systems not to steal pictures of pets, but instead to steal passwords that give them access to the huge amounts of money stored in online banking systems.
Ecommerce retailers also need to be aware of this aspect of cloud systems. The issue for many small companies is that it can be tempting to buy (or lease) an “all-in-one” cloud-based software suite that is able to provide all of the critical business systems you need. This “all-in-one” suite can include an eCommerce platform, email marketing software, and even employee monitoring and payment tools.
In principle, there is nothing wrong with using systems like this. However, if you decide to purchase one, you should ensure that your cloud provider has adequately segmented the portions of your system that they are providing. In other words, hacking your email marketing software should not provide an easy way to access your online banking accounts.
Data Corruption and Loss
Ten years ago, cloud systems were seen as a great way to backup data. However, slow internet speed meant that working straight from cloud systems was slow and frustrating. That situation has now changed. The best cloud storage providers are now fast enough for most of us to work directly on files stored in the cloud.
Unfortunately, this shift has led many small businesses to forget about the importance of backups. The way that cloud services are structured can make it difficult to see an overview of everything you have stored in the cloud, and it has become equally difficult to make a local backup of it.
This is a problem that is exploited in one of the most “popular” forms of cyberattacks out there: ransomware. In this kind of attack, a hacker will break into your cloud systems and encrypt everything. They will then ask you to pay them a fee to have this information returned to you. If all of your data is held in the cloud, and if this is your only copy of it, then you will have little choice but to pay them.
None of the issues above are unique to cloud solutions, of course. Rather, the cloud makes many common security vulnerabilities a lot easier for hackers to take advantage of.
Because of this, protecting yourself against these vulnerabilities relies on the thorough implementation of security tools, techniques, and behaviors that you are likely to be already aware of. In order to improve your cloud security, in other words, you need to ensure that you are getting the basics right:
- Use strong passwords for all of your systems
- Don’t link all of your systems together
- Encrypt both your connections (using an iOS VPN) and your data when it is at rest,
- And make sure that you train your staff on how to keep their data secure, and how to spot a hack when it does occur
All of these tips are great ways to tackle cybersecurity issues in cloud and non-cloud environments. But you should ensure that these tools and processes are in place before you move to the cloud as this will expose you to a higher level of risk.
|Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.|