Threat from Cyber attacks, approach and mitigations

The saying "If it sounds too good to be true, it probably isn't" is more relevant today than ever. As the world shrinks with faster travel and widespread use of smartphones and satellites, these connections also create opportunities for exploitation by those looking to take unfair advantage.

In my observation, it's fascinating to note that there's a uniformity in the approach toward IT investment, particularly in cybersecurity, across various business sizes—from startups to mid-sized companies in the e-commerce sector. This trend holds true for all but the largest enterprise-level organizations.

In last 4 years, I have personally heard atleast 5 examples of business I came across where they lost there entire website and along with it any SEO as they didnt had any backup whatsoever. However, the mentality towards IT investment or the curiosity to safeguard hardly improved post the incident.

Frugal and Amateurish approach to E-commerce is to blame

Services in web development domain in India have shown poor track record in terms of adapting to latest technologies and continue to offer frugal development practices to customers. There are ample customers seeking to develop cutting edge technologies for few thousand rupees and even more number of agencies promising to do it. E-commerce start-ups and folks responsible for decision relating to e-commerce development must introspect why India is seeing such a surge in attacks and if it all is possible to do what they want in the kind of budgets they are allocating.

Increased Cyberattacks Post-Pandemic

As Indian e-commerce has flourished, particularly post-pandemic, so have the cyber threats. The surge in online shopping has unfortunately made e-commerce platforms attractive targets for cybercriminals. These attackers exploit high traffic and the quick scaling of services, which can often introduce vulnerabilities in hastily deployed systems.

Common Threats and Notable Incidents

Credential Stuffing and Account Takeovers: The convenience of reusing passwords has its downsides. This bad practice has led to numerous incidents where attackers gain unauthorized access to user accounts.

API Vulnerabilities: Many platforms rely heavily on APIs to connect with various third-party services. However, misconfigurations and insecure API endpoints have been the Achilles' heel for many, leading to significant data breaches.

Ransomware: Once more common in institutional settings, ransomware has found its way into the e-commerce sector, disrupting operations and causing data loss.

Recent Examples of Cyberattacks on Indian E-commerce:

• BigBasket (2020): Over 20 million users' data was compromised and found on the dark web.

• MobiKwik (2021): Data from nearly 100 million users, including sensitive financial information, was exposed online.

• Air India (2021): Personal data of 4.5 million passengers was compromised due to a breach in their passenger service system.

• Meesho (2022): Unauthorized access to databases exposed personal information of registered sellers.

• Nykaa (2021): A vulnerability exposed personal data, underscoring risks even for beauty and wellness platforms.

• Swiggy (2020): A data breach potentially exposed personal data of millions of users.

• Juspay (2021): Sensitive data of millions of users were exposed due to a data breach.

• Upstox (2021): A breach exposed personal and financial data of 2.5 million users.

• Domino’s India (2021): Data of 18 million users, including sensitive information, was exposed.

• Snapdeal (2022): A credential stuffing attack compromised customer accounts.

Key Vulnerabilities and Best Practices

Lack of Robust Authentication: Many platforms still rely on outdated single-factor authentication, which is easily bypassed.

Third-Party Risks: E-commerce operations depend on multiple third-party services, where a lapse in any can jeopardize the entire operation.

Data Management Issues: Improperly configured databases and storage solutions are a significant risk, leading to data leaks.

Mitigation Strategies:

1. Enhanced User Authentication: Implementing multi-factor authentication can significantly reduce unauthorized access.

2. Regular Security Audits: Ensuring all systems are regularly tested for vulnerabilities.

3. Secure Software Development: Adopting security-focused development practices.

4. Data Encryption: Essential for protecting sensitive data both at rest and in transit.

5. Educating Consumers and Employees: Awareness about cybersecurity is critical for preventing breaches.

Digitup's E-commerce development approach

We have developed E-commerce sites for global brands like Lipton during pandemic with a comprehensive architecture, built around several layers of security. Regular update of code, vulnerabilities and using technologies with high reliability and reputation along with a robust VAPT process.

Conclusion

While it’s essential to be budget-conscious, it is equally important to invest adequately in cybersecurity. The cost of preventing a cyber attack is invariably less than the cost of dealing with its aftermath. E-commerce businesses must therefore balance their growth ambitions with the imperative to secure their operations and customer data.