As a qualified PFI with the largest Forensic team in Europe, we are continually honing our skills and expertise in tackling the ever-evolving cybercrime world on the front line. Cybercrime heavily affects everyone involved, be it the company getting hacked or the user whose details are stolen.
So why isn’t every company on top of their cyber security? Likely because your business sells car parts or bespoke curtains and blinds - our Forensics team can’t fit you a new cam belt or make you bespoke roman blinds and eyelet curtains, and the principle is largely the same in reverse. It’s important to seek experts for the things you don’t know. A common misconception is that speaking to Security Experts will be costly, and to a degree you would be right. But in the same way that you can now order bespoke made-to-measure curtains online and fit them via a YouTube step-by-step guide, you can use technology for a fraction of the cost of a security consultant.
As off-the-shelf ecommerce platforms grow in popularity, so does the efficiency of exploiting their vulnerabilities, coupled with the fact that exploits now spread like wildfire through media attention and social media outlets. There is a classic misconception that, because you are using a well-known brand and/or well-known third parties, the overall responsibility for your business and client data does not sit with you; the demarcation of responsibility is no longer black and white. Quite simply, broadly speaking, there is a lack of basic security controls and security mindset in the e-commerce world - we often see the response “what is PCI DSS?” Lots of SMEs think of security in a physical sense and spend a fortune on alarms, CCTV, locks etc., when in actual fact the real threat is in the cyber world, where the monetary costs and fines can be enormous, along with damage to the company’s reputation and lots of other unquantifiable issues that you will become aware of.
Most attacks we see are extremely simple to execute and by the same token, relatively simple to prevent.
Implementing these 4 controls will help to detect the vast majority of e-commerce breaches and will provide an extremely secure environment; it is however not a silver bullet and security awareness is key. In the same way you would tell your employees to ensure they lock the office up and ensure all alarms are activated, you should also make sure that they are aware of security best practices in the e-commerce world.
Referring back to the beginning of this blog, it is important to do your homework and look for the right technologies and services that will help your business. Foregenix have created a tool called ‘FGX-Web’ which, aside from providing essential protection and security monitoring, forms a critical part of our forensic investigations. It enables our team to quickly gather forensic telemetry, supplying critical information they need to be able to secure an infected website.
Not only does FGX-Web protect and alert you from the get-go, it’s also constantly evolving. Our Forensic team uses it daily, so whenever we find a new vulnerability FGX-Web gets updated to search all current users for the same vulnerability. We call this “Community Health”. As well as this, you can also use your own custom parameters.
FGX-Web Protect comes free for a year within our Forensic Investigations packages, offering all of the above-mentioned controls and much more. Read more about FGX-Web here or call 0845 309 6232 to speak to one of our experienced team.