Online retailers must get to grips with their security posture fast, says Sonassi

16th September 2020

Over the weekend (12-13 Sep), more than 2,000 Magento 1 online stores were hacked in what has been described as the largest documented campaign since 2015.

Magento 1 officially reached its end-of-life (EOL) at the end of June and the attack is yet another example of why online retailers must get to grips with their security posture. This is especially the case for those companies choosing to remain on Magento 1 which is no longer supported with security patches:

Unfortunately, this incident should not come as a surprise. As far back as last year, warnings had been issued about the likelihood of attacks on Magento 1 stores, and as the deadline to EOL grew closer, these warnings have gotten louder. While cyber threats do exist on Magento 2, those remaining on Magento 1 are no longer supported with security patches, and therefore a prime target for hackers.

As we head into the winter months and with the threat of a second wave and localised lockdowns persisting, online retailers are likely to see demand remain heavy for their services. While this is undoubtedly a welcome headache for many, it should not mean merchants hold off on securing their website, particularly when incidents like this lay bare the realities of inaction.

It’s critical retailers deploy basic, cybersecurity, best practices. Simple things such as regular updates to your passwords and multi-factor authentication are often overlooked. Additionally, retailers should be locking down the administrator interface by IP address. This simple change makes it much harder for hackers to get near this critical part of the store.

Many attacks involve files being added or changed on a website. It is vital you monitor your log for any suspicious file activity. Furthermore, run regular audits on admin accounts and keep admin access to a minimum. You should always know who has access to your website.

Finally, ensure you scan your website regularly for indicators of compromise. This will give you a much stronger insight into the security posture of your business.

by James Allen-Lewis, development director, Sonassi

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Online retailers must get to grips with their security posture fast, says Sonassi

Categories

Related News

Chinese eCommerce sales to jump by 62 per cent & reach over US$2 Trillion in 2029

ASOS racks up significant half year loss

Navee launches Navee GPT, an anti-counterfeiting solution

DS Smith agrees deal with International Paper

Dr. Martens names new CEO

Celigo and TikTok Shop partner to unlock new opportunities for retailers

Poundstretcher founder selling to investment firm

Half of UK shoppers think AI has improved their retail experiences — up 12 per cent from 2023

Online retailers must get to grips with their security posture fast, says Sonassi

Share

Categories

Related News

Sign up to receive our newsletter