Canadian businesses in ecommerce are struggling to deal with cybercrime, just like other online businesses around the world. Our situation is unique because of our relatively recent entry into the world of digital commerce. Many businesses were slow to embrace online sales in this country, in spite of the high demand for it from Canadian consumers. The pandemic fast-forwarded our digital transformation to a point where we’ve almost caught up with our international counterparts, but we weren’t necessarily ready for it.
Cybersecurity is one of the areas that’s been neglected in the scramble to “just get online,” resulting in an alarming growth rate of cybercrime in this country.
The most frequent cybersecurity incidents in Canada in 2021 were:
- Scams & fraud
- Hacking & password cracking
- Malicious software (excluding ransomware)
- Identity theft
- Exploiting software, hardware, or network vulnerabilities
- Ransomware
It’s important to note that cybercrime in Canada isn’t necessarily typical, by comparison to other countries.
“This study shows that Canadian organizations experience unique fraud trends compared to global and U.S. averages. The growth in bot volume in Canada was substantial and certain industries such as financial services experienced some of the highest attack rates globally,” said Alanna Shuh, director, fraud and identity strategy for Canada, LexisNexis Risk Solutions. “It’s clear that organizations utilizing a global intelligence consortium and layering solutions at each consumer touchpoint are better equipped to stop fraud in its tracks, especially given the increasing size and complexity of global fraud networks.”
The 2022 LexisNexis Risk Solutions Canadian Cybercrime & Fraud Trends Report found Canadian ecommerce businesses are facing the following challenges:
1. Rapid growth, with 32 percent year-over-year (YOY) growth in digital transactions
2. Canada is exceptionally active on mobile devices by comparison to other regions, with 80 percent of transactions going through mobile channels. This country’s mobile browser attack rate of 5.1 percent reflects the high usage, at almost double the global mobile browser attack rate.
3. An alarming increase in attacks in some industries. For example, there was a 30 percent increase in human-initiated attacks, and a 52 percent increase in bot attacks YOY in Canada. Ecommerce experienced a 183 percent jump in bot attacks, while financial services experienced a 31 percent increase in human-initiated attacks.
In view of these issues, it comes as no surprise that the price of data breaches in Canada are higher than they’ve ever been.
“The consequences can be incredibly costly, especially for North American business leaders, with the average cost of data breaches in the U.S. and Canada estimated at $9.4 million and $5.64 million respectively (global average is valued at $4.34 million),” says Les Matthews in Mastercard’s Securing the Digital Economy report. “Despite those costs, business leaders do not invest in proactive defense for their businesses – only 39% have implemented ongoing vulnerability assessment tools.”
Canadian Cybersecurity Investment
Canadian online sellers are investing in better cybersecurity in an attempt to thwart criminals and that spending is increasing, according to Statistics Canada.
Cybercrime Business Resources
The best defense against cybercrime is knowledge. Stay on top of the latest threats and learn everything you can about prevention.
Following are some reliable, Canadian resources:
Canadian Centre for Cyber Security
Government of Canada Cyber Safe Resources
10 Questions to Ask Your Web Host About Cyber Security
Simple Ways to Protect Your Home Business from Online Threats
Cyber Security Challenges for Ecommerce Businesses
In the following press release, Indusface identified security challenges facing ecommerce businesses today, as well as how to handle and prevent cyberattacks. Use it to outline your cybersecurity strategy, including prevention and incident control.
San Francisco, November, 2023
1. E-Skimming
E-skimming is one of the biggest issues that ecommerce businesses can face. Using e-skimming, hackers steal sensitive payment information during the checkout process. They do this by injecting malicious scripts or code in the checkout page by exploiting vulnerabilities in the website. Once a cyber criminal gains access to consumer information such as credit card numbers, expiry dates, CVV numbers and so on, these details are then used to commit a variety of financial fraud. Not only will the end customers lose their trust in the business, but also the business will get fined as per PCI guidelines.
2. Distributed Denial of Service [DDoS]
Distributed Denial of Service attacks seek to disrupt the normal traffic of a server or network, by overwhelming its infrastructure with excessive internet traffic. These attacks utilize computer systems infected with Malware, which allows hackers to control them. As a result, the business’ website will be unavailable or slow to access. Depending on the severity of the attack, the website can be down for a number of hours or days at a time. If an eCommerce business experiences one of these attacks, they may face large scale revenue losses, posing significant risk to SMEs. In severe cases, these revenue losses can lead to a company shutdown.
3. Price Wars
A competitor could use bots to scrape the pricing details of an e-commerce business’ catalog. From this, they can alter the pricing in their own website to undercut the business and thereby causing financial losses.
4. Phishing
Phishing is a very common method used by cyber criminals in an attempt to trick businesses or their customers into sharing personal information such as passwords, credit/debit card numbers, and account details via email. If hackers obtain any of this information it can be very easy for them to access confidential online accounts. This can lead to a large data breach for eCommerce companies. If adequate cyber security protection is not in place within the business, these attacks may go unnoticed, leading to great issues such as risk of Malware infections.
Key Cybercrime Threats During the Holiday Season
Venky Sundar, Founder and President of Indusface, provides comment on key threats to ecommerce businesses around Christmas time, how to prevent these, and ways to prevent or rectify attacks.
“The biggest threat is the availability of application. After all, if the website or app is down, how will the e-commerce firm make money during the holiday season? An application could be brought down by 1) a DDoS attack or 2) injecting malware into the site resulting in the site getting blacklisted across major networks.
The aspects of the business most likely to be attacked are:
- Technology (Website or App): This is where hackers try to bring down the application either through DDoS attacks or through exploiting application vulnerabilities.
- Supply Chain: Hackers could also use bots to scrape information on inventory and pricing to carry out supply chain attacks by either causing inventory stock outs or undercutting the prices.
- Fraud: By using advanced bots for cracking credit cards, hackers can cause a lot of losses.
Attacks can be costly for businesses. Depending on the size of the business, if an e-commerce site processes 100s of orders every hour, DDoS attacks could cause a lot of damage as even a 1-hour downtime could lead to losses in five or six figures. In case of smaller businesses, card cracking, account takeover and other bot attacks could cause significant losses.
In an attempt to avoid cyber criminals from attacking your ecommerce business, you may want to go for a security provider that offers managed services and has clear SLAs on downtime and an “under attack” response time. That way even when your team is out of office, you have someone who has got your back on application security and is supporting you when your team is either on vacation or working overtime to fulfill orders, which is your core business.”
We’ve Been Attacked!
If you find your ecommerce business under attack, there are some steps you can take to rectify the situation:
Scenario 1:
You have a world class WAAP (Web Application and API Protection) WAF (Web Application Firewall) and have managed services as part of the contract. In this case you just escalate it to their team and they’ll help you thwart DDoS and bot attacks. In case of an attack on open vulnerability, they should be able to help you with virtual patches to plug the vulnerability.
Scenario 2:
You don’t use any WAF or you have a WAF but most of the maintenance on that is self-service.
If it is a DDoS or bot attack since you don’t have the resources to stop it on your own, at the risk of upsetting some of your genuine users, enable site-wide captcha till the attack traffic dies down. While this will upset a few of your users, you will not risk losing the entire business as your site goes down.
In case of a vulnerability attack, make sure that your dev team applies all the patches for known vulnerabilities. Then use AST (Application Security Testing) tools to find open vulnerabilities and patch them at the earliest time possible.
——— End Press Release
What cybersecurity challenges has your business faced recently? Please share your experience or questions in the comments below, or join us in the Online Business Canada Facebook group.
7 Recession Proof Online Businesses To Start From Home
Expert help to choose, start, and run the business of your dreams!
“Almost 200 pages of pure gold…”
——————————————
© CanadiansInternet.com – Content on this website may not be used elsewhere without expressed permission. Thank you for respecting the effort that we have put into our original content.
DISCLOSURE:Â We may receive compensation for links to products on this website. As an Amazon Associate, we earn from qualifying purchases. Our content is provided for informational purposes only and does not guarantee results.
Melody McKinnon is an internet entrepreneur with 25 years of experience in a wide range of online business models, backed by a formal business/marketing education and enhanced by training and mentorship. She has owned or managed both educational and ecommerce websites. Her book, 7 Recession Proof Online Businesses to Start From Home, is available from all major ebook retailers.
Melody has worked with many businesses in a multitude of capacities. She can often be found on CanadianDigitalMedia.com, CanadiansInternet.com, CanadianFamily.net, and AllNaturalPetCare.com, as well as other quality digital publications. Her content has earned reference links from highly-respected websites, magazines and university textbooks.