With broadband penetration increasing, more and more companies are choosing online platforms to sell their goods and services. In the last 5 years the Indian e-commerce market has seen exponential growth. However, to make the e-commerce growth story a success, it is essential to protect it from various types of cyber threats such as personal identity theft, spoofing, phishing, Trojans, viruses and other malware.
Technology related threats
The impact of organized cybercrime is evident across various sectors like finance and e-commerce. However, as more and more people access financial services and accounts from their personal devices, service providers and their users are falling easy prey to online fraud. The evolution of the digital world and the inherent connectivity of people, devices and organizations open up a whole new field of vulnerabilities. Moreover, organisations are incorporating new technologies into their existing infrastructure without understanding their increasing exposure to threats.
The attacking power of criminals is increasing at an astonishing speed. Attackers have access to significant funding; they are more patient and sophisticated than ever before; and they are looking for vulnerabilities in the whole operating environment — including people and processes.
In our previous surveys, employees were seen as the most likely source of an attack. In this year’s GISS, employees are still seen as a significant risk. However, for the first time, we found that when the different types of external attacker were combined (criminal syndicates, state-sponsored attackers, hacktivists and lone-wolf hackers), these threats were considered significantly more likely as a risk source. And nearly all our respondents have one or more external attackers included in their rating.
With the rise of Big Data, traditional measures for fighting cyber crime are becoming ineffective. In support of the above, a foolproof cyber security program is essential for any business. Not only are threats growing, our survey respondents also tell us that there are still known vulnerabilities in their cyber defenses. As a result, organizations are lagging behind in establishing foundational cyber security.
Some of the most common cyber crimes are:
- Advanced persistent threats (APTs)
- Authenticity threat
- Mobile App store fraud
- Identity theft threat
- Confidentiality threat
- Spear phishing
- Frauds related to e-coupons
- Financial frauds, etc.
Vendor Related threats
Most Indian e-commerce companies have vendor on-boarding systems, through which an essential part of the companies’ business processes is exposed to outsiders. Also, most of the vendor integration processes are done by the vendors themselves, thus making them vulnerable to cyber risks.
Low Budget Allocation
Despite the high inflow of funds into e-commerce companies, budget allocation for cyber security remains low. This leads to a lack of dedicated resources for adequate cyber security measures.
What organizations need to do to get cybersecurity right?
The first step is to get the foundations right. Given how much attention recent cyber attacks have received, no one can claim they do not know the dangers; so there can be few excuses for organizations that are still not putting basic cybersecurity systems and processes in place.
Once the foundation has been mastered, the next stage is to make your cybersecurity more dynamic and better aligned and integrated into key business processes. Without taking this crucial step, organizations remain vulnerable — particularly when they, their environment and the cyber threats they face are all changing. And then comes the real opportunity: the chance to get ahead of cybercrime. By focusing your cybersecurity on the unknowns — the future and your business’s broader ecosystem — you can start building capabilities before they are needed and begin to prepare for threats before they arise.
To have a proper defense against any cyber threat, an e-commerce company should have the following objectives:
- Confidentiality of data should be maintained at all times,
- Integrity of data should not be altered during transmission,
- Data should be available at all times within the specified time range,
- Authenticity of any user seeking access to data should be verified,
- Information should be encrypted and decrypted only by authorized users,
- Data should be auditable for integrity requirements.
For more on cyber crime, read our latest report, Get ahead of crime.