Your online store is safe from a holdup by a thief in a ski mask. But you are vulnerable to a type of crime that can be even more devastating: an eCommerce cyberattack. And, yes, in a worst-case scenario, hackers can shut down your eCommerce business.
Hackers love eCommerce. As eCommerce sales continue to grow, so does the number of cybercriminals.
Lax security or poor upkeep of eCommerce systems can provide cracks that hackers can slip through to steal your data. But eCommerce cyberattacks can also occur without a security breach. Denial-of-service and denial-of-inventory attacks can interrupt your eCommerce business and cost you money.
Here’s what you need to know about eCommerce cyberattacks and how you can protect your business.
What is an eCommerce cyberattack?
A cyberattack is an assault on your electronic systems. Rather than a physical break-in, hackers find vulnerabilities in your network. The effects can be even more devastating than an in-person robbery.
Some hacks are purely malicious, but most are motivated by money. Cybercriminals can profit by stealing and reselling personal information. If they can access your business accounts, they may be able to steal money directly. In some cases, hackers will shut down your site and demand money to release it.
Ways that hackers target eCommerce sites
There are many different ways for hackers to attack eCommerce sites. Some of these will shut down your online shop. You won’t be able to resume sales until you are able to fix the problem created by the eCommerce cyberattack. In other cases, your site will stay up but the attack may cause damage to your reputation that could end your business. It’s important to understand your vulnerabilities so you can protect against them.
Credit card theft
Many large chains have had credit card breaches in the past few years. The list includes Target, Macy’s, grocery chain Hy-Vee, and Marriott Hotels. Cybercriminals walked off with thousands of credit card numbers, passwords, and other personal information.
Distributed denial-of-service attack (DDoS)
Imagine thousands of requests to place orders coming into your shopping cart at the same instant. Your customers wouldn’t be able to access your cart. Your system would crash. You have experienced a denial-of-service attack. A DDoS attack could force you to take your system offline temporarily, losing sales.
If you sell on an eCommerce platform, you could be vulnerable to an attack on the platform as a whole. In 2011, a Shopify DDoS attack put a number of stores out of commission. In 2013, a Squarespace DDoS attack disabled one of the company’s servers. Fortunately, since then, these platforms and others have instituted security measures to prevent DDoS incursions.
Denial of inventory
Denial of inventory is an eCommerce-specific attack. Hackers fill up hundreds of shopping carts, draining your inventory. Once again, legitimate customers can’t make purchases and your eCommerce sales grind to a halt.
Other types of eCommerce cyberattacks
Here are a few more methods that hackers can use to disrupt your eCommerce business.
Hackers install malicious software on your web pages. Malware can spy on you and steal data from you or your customers. It can also send your customers to another website.
Sometimes malware stops your eCommerce site from functioning at all. In a ransomware attack, hackers demand payment (usually in untraceable cryptocurrency) to give you back control over your site.
Phishing attacks usually start with an email that looks like it’s from a legitimate source, such as PayPal. The email alerts you to a problem and asks you to reset your password. In the process, you enter your current password and hackers gain entry to your system. Once they are in, they might even reset your password and lock you out.
This is a particular risk for mobile eCommerce. This type of attack happens when a hacker taps into communications between you and your customers, picking up sensitive information.
A DDoS wakeup call in 2016
A distributed denial of service (DDoS) attack took out websites on the East Coast and across the United States on October 21, 2016. Websites of all stripes had some level of internet service outage starting Friday morning, including the New York Times, Twitter, Spotify, Reddit, Netflix, Yelp, Pinterest, DirecTV, Box.com, and Ticketfly. Most alarming for online sellers, popular eCommerce sites went black, including Etsy, PayPal, and Shopify. Some Squarespace sites were affected, and even some parts of Amazon’s enormous web domain fell prey to the hacker attack.
This malicious DDoS attack was a warning and a wake-up call for eCommerce sellers. When online stores vanish from the web on October 21, that’s bad. If that same attack hits on Cyber Monday or any of the peak eCommerce sales days between Thanksgiving and mid-December, it could be a disaster. As hackers grow more sophisticated, the question is not if more cyber attacks will hit the web, but when.
Steps you can take to protect your business from eCommerce cyberattacks
How well prepared is your business to handle a malicious attack? Do you use backup servers for your eCommerce store? Do you routinely back up your storefront? How well is the eCommerce platform you sell on insulated from a cyberattack?
Keep your systems up to date
Hackers look for holes in eCommerce software. As developers become aware of these problems, they create patches. Always install software updates. That will reduce the number of avenues cybercriminals have to access your site.
Use antivirus software
Antivirus software is a good investment. These apps will scan your site for attempted hacks, alert you to vulnerabilities, and install defenses to keep hackers out.
Sell only on platforms with strong security against eCommerce cyberattacks
A security breach on your eCommerce platform could affect your business and your customers. Make sure the platforms you choose have good security protocols. For the record, Amazon stands out as one of the largest retails never to have been hacked.
Add internet security to your checklist of questions when you are choosing the best eCommerce platform for your web store.
Don’t keep sensitive customer data in your system
Use third-party payment processors at checkout. These pros have the resources to build excellent defenses against cybercrime. When you store your customers’ personal information in your system, you open yourself up to liability if you have a breach.
How Red Stag Fulfillment protects clients from service interruptions
Your online shop isn’t the only segment of your business that could be affected by hacker attacks, however. You could be humming along, taking customer orders in New York and turning over product, but if your fulfillment center in Ohio loses power or internet access (or both), those orders will stop dead in their tracks at the 3PL warehouse. The cause could be a DDoS attack or a freak storm – the results are the same.
Here are three important steps that Red Stag Fulfillment takes to make sure your orders keep moving, no matter what.
Fix the code
Red Stag Fulfillment employs an internal technology team, not a third-party company or contractors, to troubleshoot the connections between our fulfillment center and your eCommerce store. If there’s a problem, we’re on it. We need to keep your orders flowing into our fulfillment warehouse and out the door to your customers.
Backups for our backups
Red Stag Fulfillment’s order fulfillment system lives in the cloud. We use two different internet providers so, if one loses service, we can rely on the other. But that isn’t enough for us: we also have satellite-based internet service as a triple backup.
All power to the fulfillment center
If the power goes out in Knoxville, where Red Stag Fulfillment is based, or in the whole state of Tennessee, our warehouse will keep on humming. We have backup power to keep the lights on and the computers running through a worst-case scenario.
When we say no matter what, we mean it. Zombie apocalypse? No problem. Red Stag Fulfillment will keep shipping out zombie-proof coats and books on self-defense against zombies without interruption.
We think this extra level of preparedness makes us stand out from our competition. More importantly, we think it makes our customers’ businesses stand out too. If you can’t get your merchandise out, your eCommerce business is dead in the water. Downtime and shipping delays are classic ways to lose customers to your competition. We don’t want that to happen to you.
At Red Stag Fulfillment, we believe that your eCommerce fulfillment center should never be the bottleneck in your business. We will pay you $50 any time we cause an order to be late. We can’t control for Russian hackers, freak blizzards, or shipper meltdowns, but we guarantee we will keep your product flowing out our doors.
Solana S Barton
Where are your sources for the claim of attacks on shopify and squarespace?
Hi Solana. The information comes from cybersecurity publications as well as the companies themselves. Shopify has a statement and Facebook post from Nov. 28 of that year, while Squarespace has a published statement on the DDoS attack on Dyn that occurred in Oct. 2016. Good luck in your studies!