New research has found 87% of SME websites using the Magento platform are currently at high risk from cyber attacks.
By contrast, under 10% of websites using other major e-commerce platforms surveyed register in the same high risk category.
The research, from cyber security firm Foregenix, analysed nearly 9 million websites worldwide, including 150,000 in Oceania – Australia and New Zealand – and over 400,000 across Asia. 200,000 of sites surveyed worldwide use Magento (and companies using Magento 2 were also covered in the research).
The analysis carried out in April and May by Foregenix’s Threat Intelligence Group using its website security solution, WebScan, further revealed the proportion of Magento websites at high risk has increased from justunder 80% from research carried out in October last year.
Asia’s risk score was recorded at 3.7, which is slightly below the global average, while Oceania’s is joint top at 3.9. With small differences, 1.4% of the total number of Magento sites globally are compromised with most of these showing signs of payment card harvesting malware stealing their customer data.
A 2019 study by Chubb on SMEs in Hong Kong, Australia and Singapore showed that while the majority of small businesses had experienced a cyber attack in the previous year, 62% were not aware of all the cyber threats they encounter.
Foregenix’s Sydney based managing director for Asia-Pacific Raymond Simpson comments: ‘E-commerce has been recording substantial growth in the Asia-Pacific region in recent years and it’s not gone unnoticed by cyber criminals.
‘Magento being a leader in e-commerce platforms attracts the attention of criminals looking for easy targets, especially when websites do not have the latest Magento software or have basic security flaws like leaving their admin page unprotected.’
Simpson, who helped establish a new regional hub in Singapore earlier this year adds: ‘In the vast majority of cyber attacks, victims are small local businesses which never thought they’d be a target for criminals and didn’t realise when they were hacked. Their payment data can be leaked to criminals for months on end before they are notified by credit card companies.’
Foregenix‘ chief commercial officer Benjamin Hosack comments: ‘Most breaches aren’t a result of extremely clever cyber criminal techniques. They are simply the result of basic security issues that have been overlooked by the website owners and developers. A few basic precautions such as deploying software patches quickly can make a big difference to minimising risk, whichever platform is used.’
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.