The pandemic has changed many aspects of life for businesses and pushed many to double down on their online selling channels. With more people online than ever and B2B businesses actively looking to connect with them, malicious actors are quickly moving to take advantage of these trends.
We move into the new year with a more dangerous and rapidly changing cybersecurity landscape than ever. From attacks on health care organizations fighting the pandemic to the SolarWinds breach last month, it seems that nothing is off-limits to today’s intruders.
As more merchants move online, they can expect security risks to follow them there. According to Forrester, digital channels will generate an estimated 17 percent of US B2B sales in 2021. Verizon also reports that eCommerce payment application attacks are overtaking physical POS breaches, and data breaches will be a leading security concern for retailers for some time.
Besides, e-commerce B2B businesses serve large enterprises and governments in areas such as finance, health, and telecommunications, making them an excellent target for those looking to disrupt critical institutions. For B2B businesses and their IT security teams, now’s the time to get serious about safeguarding their technology, processes, and employees.
1. Be aware of the potential costs
With so many employees working remotely, it’s an excellent opportunity for hackers to target security and behavioral vulnerabilities to access corporate data. While B2C sellers typically protect end-user data, B2B e-commerce brands count other businesses as clients, and must also protect their intellectual property, corporate secrets, and operations. Thus, when B2Bs are breached, these incidents tend to be more detrimental than those experienced by B2C businesses.
2. Review possible lines of attack
Unprotected, vulnerable systems
As global technology leaders and enterprises pioneer the move to permanent remote work, they pave the way for others to follow suit. Yet smaller businesses and those moving online for the first time often cope with reduced IT budgets. They must resist the temptation of rushing their digital transformation initiatives. When done under pressure, brands set up poor processes, misconfigure systems, and inadequately train employees.
Phishing and social engineering
Cybercriminals will always follow users and launch attacks that exploit existing behaviors and habits. No one is safe from fears brought on by COVID, and reports warn that users are much more likely to click on a phishing link or submit credentials than they were before the pandemic. If employees use personal devices for work-related activities instead of work-issued ones, they also place their personal data at risk.
When it comes to data breaches, threats posed by insiders and actions taken by rogue employers are third only to external actors and organized criminal groups. Employees in many industries remain uncertain about the economy, and sudden layoffs can make them feel betrayed. Those with unchecked privileged access can use their position to damage the company and relationships between partners and clients.
Application deployment errors
The SolarWinds breach has demonstrated that even the biggest enterprise B2B vendors are not immune from flawed processes that lead to devastating outcomes. Brands must set aside resources to identify potential routes of attack, misconfigured infrastructure, and review their deployment processes for security flaws.
3. Explore ways to protect your business
Maintain sovereignty of your data and move off the public cloud.
Geopolitical tensions are not going away, which only increases the likelihood of politically motivated attacks on technology giants. If you utilize public cloud services, consider moving to a private cloud or on-premise environments. By choosing single-tenant over multi-tenant hosting architecture, brands eliminate numerous security risks posed by shared elements. Without additional access points, there’s less risk of data inadvertently falling into a tenant’s or attacker’s hands.
Review your VPN connections, SSL certificates, and permissions.
Prepare to accommodate your remote workers ahead of time and only give them access to sections that align with their responsibilities. Invest in a secure work environment for your partners, employees, and customers. Build-in network access controls and create policies for classifying data and user prompting. An SSL certificate on your website protects sensitive data through encrypted connections while improving customer trust in your brand. *segregation of duties*
Regularly educate your employees on the latest security threats.
According to Malwarebytes’ recent survey of 200 businesses, over 20% reported they faced a security breach because of a remote worker. Train employees to be vigilant and informed to recognize security issues and enact a chain of command to report suspicious activities. Aside from education, consider instilling proactive security measures that limit the possibility of user-directed attacks or employee exposure to cybercriminals.
Stay updated on security developments and stay compliant.
Artificial intelligence, machine learning, and increased cloud adoption all promise to accelerate security innovation and help brands build resilience. Resources such as OWASP Top 10 and transformative cloud technology like “cloud-native” security, “zero-trust” design, and “SASE” decentralized architecture are some of the developments to help eCommerce brands address their security challenges. Digital commerce brands must stay up to date with PCI DSS certification and SOC 2 compliance, and adhere to various data privacy laws depending on where they do business.
The future is still bright!
Greater reliance on digital selling and remote working may give us more freedom, but also comes with a host of responsibilities. Over the past year, we’ve seen how organizations scrambled to protect data critical to business operations and address breaches in the early days of remote work. California’s CCPA and Europe’s GDPR have demonstrated the willingness of governments to protect the public from threats to their data. New frameworks are being developed to minimize attacks or to lessen their negative impact.
As we move into the new year, B2B eCommerce organizations shouldn’t sit still and invest in new technologies and push ahead with remote work. They should learn from leaders in their industries and implement the right strategies and security safeguards to grow their online business with as little risk as possible.