Magento is one of the most popular eCommerce platforms out there, with 260,000 merchants currently using it as their online storefront. It’s the most popular for good reason. It’s a flexible, adaptable platform with the largest offering of customised and tested extensions.
Due to its popularity, unfortunately, it has become a target for hackers worldwide. It’s common for hackers to target the biggest and the best and there is no exception here. Magento is the largest open source eCommerce platform in the world.
Its open-source nature means there are many people developing it, using it, solving common issues and creating useful extensions for everybody to use. As its reputation grows, so does its ecosystem. The more Magento stores that exist, the more opportunities there are for people with malicious intentions.
Magento are aware of this and take their security seriously: they’re regularly releasing patches and have a dedicated security centre to keep you up to speed. But there’s only so much they can do if you’re not being proactive. Aside from the initial financial costs of a data breach, there’s also long-lasting reputational damage that can destroy a small business.
If your website takes online payments then it’s likely that at some point you will be targeted by thieves trying to steal your customers’ data. As you may know, one of the prerequisites to being Payment Card Industry Data Security Standard (PCI DSS) compliant is not storing credit card information on your website.
It’s not uncommon to see hacked Magento sites where files have been modified to save customer information and credit card details. These files are hidden in your environment whilst a criminal rubs their hands together. If you’re able to utilise a file monitoring system, you can see which files are being changed on your website and by whom. If you spot an unauthorised file change from a location you’re not familiar with, this should immediately ring alarm bells.
The credit card data is usually harvested for some time so that the thief can sell the details in bulk; this also avoids raising flags with credit card companies. On average it takes a business 6 months to detect a breach and by then, it’s too late.
Ransomware, the malicious software that crippled the NHS alongside many large corporations worldwide, has also begun surfacing on Magento websites.
Ransomware will encrypt your website’s files. This will block you from accessing your own website until a sum of money has been paid to the attacker. Once the ransom has been paid, your files are unlocked and your environment returns to its previous state. Virtual payment to the hacker is usually the goal of this exploit, using hard-to-trace funds such as bitcoin.
In many cases the only option other than paying the hacker’s ransom is to restore your website from a clean backup. After your site has been restored from a clean backup, you can enlist professional help to see which area of your environment left you vulnerable to attack. The importance of backing up your website cannot be overstated.
There are many ways an attacker can gain access to and manipulate your website: Trojan horses, phishing emails, SQL injections, backdoors and spyware, just to name a few. Keeping yourself safe from these threats isn’t easy, but software is available to keep you protected. Web Application Firewalls, Threat Detection, Canary files and well-configured Network Firewalls are among the many services that can help you keep data safe.
We offer up a variety of tools to protect you from attackers, most notably our flagship product FGX-Web. FGX-Web is a solution that bakes security into your website. Boasting the ability to protect you from 99.9% of online attacks, it provides you with:
- A cutting-edge Web Application Firewall customised to your website
- Malware scanning
- Daily cardholder data scans
- File change monitoring
- Use of our secure seal on your website
- Website access log monitoring
But that’s not all. If you don’t understand cyber-security, or simply don’t have the time to monitor your security, you can utilise our managed service. Our managed service provides you with a dedicated Threat Intelligence team that act as an extension of your security team. They will protect you if you come under attack and respond to any alerts provided by FGX-Web. You won’t even need to think about cyber-security; we’ll have you covered.