Singapore’s retail industry experienced 31% more security incidences from April to September 2021 than the previous six-month period.
The State of Security within eCommerce 2021 report by cybersecurity firm Imperva also reveals that online retail remains a prime target for automated bot activity. Nearly six in 10 (57%) attacks recorded on e-commerce websites this year were carried out by bots.
Moreover, the proportion of sophisticated bad bots on retail websites reached 23.4% this year. This is worrying as sophisticated bad bots evade simple defences by producing mouse movements and clicks that closely resemble human behaviour. Those bots are also responsible for account takeover, fraud or denial of inventory that makes it harder for legitimate shoppers to get their desired goods.
The report also found that Distributed Denial of Service (DDoS) attacks spiked 200% in September 2021, compared to the previous month. Part of this uptick in activity is tied to the Meris botnet that impacted organisations globally.
See: The challenge of shoring up Asia's cybersecurity defences
Throughout the past 12 months, the retail sector experienced the highest volume of application layer (layer 7) DDoS incidents per month across industries. Layer 7 attacks are highly effective as they consume both network and server resources, and are difficult to defend because they require the ability to distinguish between attack and normal traffic.
See also: Alibaba anoints new chief in revamp of stalling commerce arm
According to Imperva, scams typically rise in tandem with the number of online shoppers, which usually happens during the holiday season and large shopping events. Singapore’s retail industry experienced 59% more data leakage attacks in January 2021 – which coincides with the Chinese New Year shopping period – than the typical monthly average.
Imperva, therefore, advises retailers to take the following measures to protect their customers and operations, especially during the upcoming Singles’ Day, Black Friday and Cyber Monday:
- Ensure that they are compliant with all data privacy regulations in their jurisdictions
- Prepare for a high volume of traffic, including DDoS attacks
- Have a bot management strategy in place to only allow legitimate customers onto their website
- Encourage customers to practise good password practices and offer multi-factor authentication
- Protect their existing website functionalities and ensure newly added ones are safe
- Take inventory of all their JavaScript-based services
See also: Break up Google? What’s at stake in antitrust action
“With the global supply chain conditions worsening, retailers will not only struggle to get products to sell in Q4, but will also face increased attacks from motivated cybercriminals who want to benefit from the chaos. Retailers and consumers alike need to take the necessary steps to protect themselves,” says Peter Klimek, director of technology, office of the CTO, Imperva.
Photo: Unsplash
