Lock up your data ecommerce companies are warned
According to Imperva's recent Web Application Attack Report most applications have suffered attacks four or more times per month whilst some are under almost constant attack. In addition retail sites suffer twice the number of SQL injection attacks compared to other industries.
The report also finds that the US tops the list globally as the source of web-based attacks.
Security solutions company Cenzic believes that the level of attacks is due to companies prioritizing the security of their assets rather than their data. Tyler Rorabaugh, VP of Engineering at Cenzic says on the company's blog, "Companies tend to approach security using a traditional perimeter based security model -- they first establish a perimeter by monitoring assets, then focus on risk analysis and management. The problem is that it's like putting a fence around a piece of property but the area that the property is located in is constantly changing and evolving. Let's face it, today's businesses are data-centric, where data is the core of their business, but our security models are focused primarily on assets and not the data itself".
Enterprises need to take steps to minimise attacks and secure their data. Rorabaugh adds, "Web Application Firewalls and Database Firewalls help, but you must proactively test your applications and data access points with automated attack systems, pen testers and application security testers, and you must do this constantly. There are only a few types of hackers -- those that want to prove a point, gain respect or learn, those that are concerned about something you may be doing, and the last and most important of these are those that want your gold (data) or are in it for the money."
Do you believe ecommerce companies are doing enough to protect your data when you shop online? Let us know via the comments thread.
Photo Credit: Maksim Kabakou/