In recent years, the number and variety of new security threats seem to be increasing exponentially. Online commerce has taken off and criminals are taking note, putting consumers and the businesses that they buy from at risk.
The 2012 Verizon Data Breach Investigations Report (DBIR) presents some unsettling data regarding the state of web-based threats, with cybercriminals continuing to automate and streamline their tactics for stealing corporate and personal information.
But it’s not all doom and gloom!
This year’s DBIR also presents some valuable lessons that online businesses can use in order to stay one step ahead of the cybercriminals.
1. PCI Compliance is Key
As more and more transactions are carried out online, stricter credit card security is becoming an imperative, and compliance with the PCI Data Security Standards (PCI DSS) is the best place to start.
However, low levels of PCI DSS adherence, especially among small to medium-sized online merchants, have resulted in serious security threats. In fact, Verizon found that 96% of retailers who were the victims of a cyber attack were not PCI DSS compliant.
For online merchants, PCI DSS compliance is a vital step in protecting the safety of customers’ financial transactions. Whether your business is a small Etsy-like storefront or a Zappos-sized retailer, achieving and maintaining PCI compliance must be a priority.
2. Use a Third-Party Security Provider
While implementing your own security measures and encouraging customers to be smart users is essential, third-party help in the form of an outside security vendor is key to preventing breaches.
The Verizon DBIR found that in 2011 alone, 92% of incidents were discovered by a third party rather than by the merchant themselves. Implementing a website vulnerability scanning service like the McAfee SECURE™ service can help online businesses avoid threats altogether by scanning daily for thousands of hacker vulnerabilities.
3. Take Yourself Out of the ‘Low-Hanging Fruit’ Category
According to this year’s DBIR, 79% of data breach victims surveyed were targets of opportunity. Many hackers don’t execute premeditated attacks – it’s difficult, time-consuming and requires a high level of technical skill. Instead, thieves troll for vulnerable sites and often gain entry by exploiting simple and easily avoidable system weaknesses like insecure domains.
Implementing even the most basic security best practices is an important first step in removing your site from the bottom of the barrel. Always employ a security solution that can monitor for suspicious activity and immediately alert you in the event that a threat is detected.
Large or small, the cost of a breach can be devastating to your business, your customers, and your business reputation as a whole. When considering the potential revenue losses, legal fees, and unforeseen fallout, there is little doubt about the risks to your future as an online merchant.