How cyber security is affecting the business model daily
The modern marketplace is an ever-evolving place that continues to change daily. E-commerce (Electronic Commerce) is a wide range of transactions that occur over the internet. This industry has helped change the way that consumers purchase and receive their goods and services. In addition to changing shopping habits, the world has been presented with a new set of security issues that need to be addressed to ensure everyone’s continued safety. Addressing the security concerns of the new-found marketplace falls under cybersecurity. While the name sums up the purpose of the program, there are several different ways it can be used to deal with arising issues.
The traditional marketing experience for most consumers entails several different steps. First, you must go to the location in person. Once the goods or services being exchanged and the price are agreed upon, the two parties exchange products and payment. This completes what most consumers think of as the sale of goods. While the methods of paying for goods or services have changed, the process has not changed much. Near the end of the twentieth century, the internet began to offer alternatives to traditional shopping. Ecommerce refers to any commercial transaction processed online (Ecommerce Guide, n.d.). By allowing consumers to purchase goods and services from anywhere, transactions can span the globe. Ecommerce also provides transaction processing for more than business-to-consumer sales. In all, there are seven main types of Ecommerce transactions. These include Business-to-consumer (B2C), Business-to-business (B2B), Consumer-to-business (C2B), Consumer-to-consumer (C2C), Government-to-business (G2B), Business-to-government (B2G) and Government-to-consumer (G2C) (Ecommerce Guide, n.d.). In two-thousand and fifteen, ecommerce sales totaled over one-trillion five-hundred-million dollars and were expected to have increased to three-trillion five-hundred-million dollars by the end of two-thousand and nineteen (Ecommerce Guide, n.d.).
While most businesses are beginning to recognize the importance of Ecommerce, the marketplace is still changing to this day. Over nine-thousand major retail store locations are slated to close this year alone in the United States (Whiteman, 2019). Let that number sink in for just a minute. Nine thousand physical buildings are going to lose their tenants. The managers, assistant managers, cashiers and stockers who worked at them are going to have to find work in another line of business since these locations will not be opening again. Across the land, the former malls that rose to prominence in the sixties and seventies now sit abandoned. While some businesses have adapted to this changing landscape, those nine thousand represent either changes in the business plan or complete failure to adapt (Whiteman, 2019). The closing of retail locations represents one of the many ways the nation's transition to Ecommerce has affected everyone. Some major retailers have changed the way they operate to attempt to remain relevant. Almost every major grocery store now offers curbside pickup and home delivery. Even ordering household goods through websites is becoming more commonplace. The consumer mindset has changed, and the idea of saving time is now more crucial than saving the small amounts of money associated with Ecommerce fees.
While B2C interactions account for a large chunk of Ecommerce business, it is important to remember that the term Ecommerce applies to any online-based transaction. If you have ever purchased your college books online, you have made yourself part of the Ecommerce community. Businesses that order their stock shipments electronically are pushing Ecommerce transactions on a much larger scale. The world has advanced in such a way that documents formerly needing to be signed in person can now be signed electronically and submitted wherever they are needed. Most organizations will still utilize some form of brick-and-mortar store with an Ecommerce presence. The key to survival is learning how to navigate both worlds. The upside for many organizations has been the ability to distribute their goods across a much wider market than ever before. One-thousand years ago, if a merchant made goods in Spain and wanted to sell them in the Roman markets, those goods would need to be carted to the location in hopes of selling them. Even thirty years ago, retailers spent millions of dollars on attempts to drive customers into their stores to buy goods and services. Now, every vendor has a potential global market for their goods. Everyone in the world with computer access could compete in the marketplace.
While no one truly knows what the future of any industry holds, Ecommerce seems poised on the edge of rapid potential growth. Ecommerce has consistently shown over half a trillion dollars per year growth with no signs of slowing yet (Ecommerce Guide, n.d.). Companies such as Amazon, Wayfair and others continue to expand their services to customers. With the addition of so many online retailers, other industries are seeing potential gains too. Most social media websites now have either marketplaces or the ability to link business websites. Website developers now design and deploy websites at blazing speeds. Even games have moved into Ecommerce by allowing players to purchase content directly in the game. As people begin to adjust to the idea of everything Ecommerce entails, more business avenues are added each year. One of the key facts to remember is that new and emerging markets will offer businesses access to nearly three-billion new consumers they previously had no ability to reach (Roach, 2019). Market expansion alone could move Ecommerce sales to even higher numbers than projected before. Along with the buying habit changes are the changes in the way products are reviewed. Traditionally, consumers would read reviews of other consumers to determine whether they wanted to purchase said products. Now, businesses are being forced into providing short videos of products to lure the customer into the final sale (Roach, 2019). Part of the reason for this lies in the fact that consumers cannot physically see the product until arrival and the other part is access to everything at one's fingertips. Since mobile carriers now represent such a large portion of the market, retailers have shifted their focus to making the online experience seamless for mobile devices (Roach, 2019). The future continues to shine brightly for those poised to take advantage of the Ecommerce boom.
With the increase in opportunities for revenue comes the increased opportunity for breaches. The number of attacks and their sophistication continue to increase each year. The first nine months of two-thousand and nineteen yielded a record-breaking five thousand plus breaches (IT Solutions Tonight, 2019). While not all attacks are on a massive scale (most affect less than one hundred people at a time), the severity of the situation is constantly brought to light. The latest reported breach contained over three-hundred million records from various sources (IT Solutions Tonight, 2019). The scariest prospect about this breach is that no one is aware of how the server came into existence. The server, on a server farm, had no registration attached and appeared to have just sprung into existence. The data also came from multiple sources and not one specific breach. Attacks like this highlight the concern about the confidentiality of information that websites continue to mine. Eventually, some form of accountability must be placed on those who gather the data and those who store it.
With all the increases in Ecommerce, network security specialists have been forced into this rapidly changing landscape. Cybersecurity is protecting programs, systems and networks from digital attacks (Cisco, n.d.). Remember when the first brick-and-mortar stores were developed and located across the land? During the previous era, physical threats brought the need for physical security. Armed guards stood over the entranceway, deterring would-be criminals before they could strike. When retailers began moving to web-based sales techniques, the criminal element followed closely behind. Instead of armed robbers or petty shoplifters, web users face phishing attempts, ransomware, malware and social engineering exploits (Cisco, n.d.). The tactics have changed drastically, but the objective is still to remove property from the rightful owner. Cybersecurity allows businesses, consumers and government agencies to operate without fear of being exploited. Most organizations have come to accept the fact that in order to successfully utilize Ecommerce, security is imperative.
For everyone’s security, Ecommerce and cybersecurity protocols must work together cohesively. In one security breach alone, over one-hundred and fifty million social security numbers were exposed (Anderson, 2018). With breaches of this magnitude, is it any wonder why security should be at the front of everyone's mind? Another source states that one in every five online retailers will eventually be the victim of fraud in one form or another (IT Solutions Tonight, 2019). Cybersecurity provides organizations with the tools needed to protect both the provider and the end user. Networking personnel often use the CIA triad (confidentiality, integrity and availability) to determine what information to secure and how secure it should be. This delicate balancing act is the first step in the long process. These policies can lead to unending headaches if not implemented correctly at the beginning. If network engineers limit accessibility too much, necessary information may not be accessible. On the other hand, protocols that are too loose can compromise confidentiality and allow outsiders to access sensitive information. When the first customers began purchasing products or services online, the need for security was instantly born. The relationship is in a constant state of flux, as is the Ecommerce industry itself. As each possible threat is dealt with, new threats arise and must be handled daily. Without constant oversight, the industry would collapse.
When determining the best way to secure any Ecommerce integration, the National Institute of Standards and Technology (NIST) has laid the basic groundwork for best practices. While the framework does not specifically lay out the exact steps, it does provide the basis upon which to build a custom security program for any industry (NIST, 2013). Most organizations will perform the needed risk assessment, evaluate the weaknesses identified, address them and continue evaluating. The amount of time for this life cycle will vary depending on the threats found and the time needed to address those weaknesses. The six-step framework, which is categorize, select, implement, assess, authorize and monitor, is the basic lifecycle every protocol will follow (NIST, 2013). Threats are ranked according to potential harm and likelihood of occurring. Events that have a low likelihood and low impact do not require as much attention. High probability and high-risk items need immediate attention. By following these initial best practices, most organizations will set themselves apart from unprepared groups around the world. Another consideration organizations must make regarding Ecommerce relates to payment card industry (PCI) compliance. Since PCI is an outside standard, compliance scans should be performed regularly and monitored for any errors (CWCS, 2018). Credit card payments also have additional security verifications that organizations may opt to use. The address verification system (AVS) matches the address entered against the address stored in the financial institution's database. The card verification value (CVV) code is located on the credit card and is either three or four digits. When organizations use one or both, they decrease their chances of fraudulent activity. Additionally, since payment card processors offer different rates, the group may be able to reduce their overhead when using more secure measures.
While these safeguards are a solid foundation, best practices are much more complex for most parties. Ecommerce providers should also use penetration testing, firewalls and Intrusion Detection Systems (IDS), and have a Security Operations Centre (SOC) in case of attack (SoCyber Publishers, 2018). These programs help to monitor any attempted breaches from outside sources. If any of these security measures raises an alert, the risk management framework (RMF) described above should have the response plan clearly laid out and help mitigate the potential damage. Other ideas that may be implemented include secure digital wallets, a payment server gateway and merchant software to protect the organization and consumer (SoCyber Publishers, 2018). The idea behind these steps is to help verify that the people conducting the business are indeed who they claim to be. A cautionary reminder: best practices only protect against known issues, and organizations should always be on guard for attacks that fall outside their normal scope.
While knowing what best practices are available helps set the organization on the correct path, determining the needs for the future can require more forethought. Since Ecommerce continues to press the boundaries and expand what falls under its umbrella, organizations may be tempted to develop the follower mentality. Followers tend to ignore potential problems until either others address them or they manifest into reality. While DDoS attacks and phishing are well-established means of attack (Java T Point, n.d.), thieves and hackers constantly use new tactics to attempt to assert control over businesses. These new methodologies still employ some old-school techniques. For example, social engineering can now be used to gain access to a merchant’s online processing credentials and change any number of parameters. Imagine being able to route all transactions through a different checking account than the retailer had selected. Most businesses could process for days before realizing the system was compromised. These unforeseen and unanticipated attacks are where the emergency response plan outlined by NIST would be best suited. While implementing the framework is one of the best practices, having a clear pathway in place to address unanticipated attacks helps ensure that when these occur the damage is minimal (CSRC, 2019).
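The payout-rerouting scenario above goes unnoticed for days only when nothing watches for it; requiring an out-of-band confirmation for every change to a merchant's settlement account makes it detectable. The following Python is an added example, not taken from any of the cited sources: the event types, field names and one-hour grace period are assumptions, and the audit log is constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed audit log for a hypothetical payment portal; the schema is an
# assumption for this example, not a real processor's format.
EVENTS = [
    {"ts": "2019-11-04T09:00:00", "merchant": "m-100", "type": "transaction", "amount": 120.00},
    {"ts": "2019-11-04T09:30:00", "merchant": "m-100", "type": "payout_account_change",
     "change_id": "c-1", "new_account": "acct-B"},
    {"ts": "2019-11-04T10:00:00", "merchant": "m-100", "type": "transaction", "amount": 80.00},
    {"ts": "2019-11-05T10:00:00", "merchant": "m-100", "type": "transaction", "amount": 45.50},
    {"ts": "2019-11-04T11:00:00", "merchant": "m-200", "type": "payout_account_change",
     "change_id": "c-2", "new_account": "acct-Z"},
    {"ts": "2019-11-04T11:20:00", "merchant": "m-200", "type": "change_confirmed",
     "change_id": "c-2"},
    {"ts": "2019-11-04T12:00:00", "merchant": "m-200", "type": "transaction", "amount": 300.00},
]


def unconfirmed_payout_changes(events, now, grace=timedelta(hours=1)):
    """Return one alert per payout-account change that was not confirmed out of
    band within `grace`, with the money processed since the change."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort chronologically
    confirmed = {e["change_id"]: datetime.fromisoformat(e["ts"])
                 for e in events if e["type"] == "change_confirmed"}
    alerts = []
    for change in (e for e in events if e["type"] == "payout_account_change"):
        changed_at = datetime.fromisoformat(change["ts"])
        confirmed_at = confirmed.get(change["change_id"])
        if confirmed_at is not None and timedelta(0) <= confirmed_at - changed_at <= grace:
            continue  # the merchant verified the change in time
        if confirmed_at is None and now - changed_at <= grace:
            continue  # still inside the confirmation window
        # Every transaction after the change is settling to the unverified account.
        exposed = [e for e in events
                   if e["type"] == "transaction"
                   and e["merchant"] == change["merchant"]
                   and datetime.fromisoformat(e["ts"]) > changed_at]
        alerts.append({
            "merchant": change["merchant"],
            "change_id": change["change_id"],
            "new_account": change["new_account"],
            "transactions_since": len(exposed),
            "amount_since": round(sum(e["amount"] for e in exposed), 2),
            "hours_exposed": round((now - changed_at).total_seconds() / 3600, 1),
        })
    return alerts
```

Run on a schedule, the alert gives the response plan a concrete starting point: which account to freeze and how much money was processed while the change was unverified.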
Since the basic foundations of what should be done have been laid out, the last step is for the Ecommerce entity to implement this plan. First and foremost, the organization must decide whether they will handle implementation internally, by outsourcing or by using a hybrid of both methods (PNNL, 2015). All three possibilities have positives and negatives that need to be addressed before the final decision. Deciding to keep the entire security program in-house has the added benefit of the agents already knowing the systems. The drawback would be the team assuming that they already know their vulnerabilities and making themselves susceptible. Using completely outside resources can offer similar positives and negatives. While these agents do not have to focus on anything besides security protocols, they may need to use a huge amount of time to learn the systems. Hybrid teams are unique in that they pull from both knowledge bases at the same time. The main drawback would be having to split the focus of the group to keep up with all their existing demands. Three of the key areas are the Risk Assessment, Response and Monitoring. When the organization uses these three components, the majority of potential risks can be mitigated. Existing organizations need to remember that implementing these projects can take up to two years, so planning should start as soon as possible. Implementation of the plan is not the end of the plan either. Periodic assessments should be performed to ensure any possible breaches have not been left exposed. Continued evaluations are the area most groups tend to let lapse. The mindset that once the plan has been put in place no other measures are needed allows would-be attackers to gain access to what appears to be a secured network.
Ecommerce and cybersecurity are two industries that are still in the process of maturing together. As organizations continue to delve deeper into the expanses of Ecommerce, the relationship between the two will continue to become more entwined. The need for increased security will only continue to grow as the market keeps shifting away from traditional stores to the online platform. While the future may not be entirely clear, the melding of these two industries is assured.
Anderson, J. (2018). The Importance of Cybersecurity in Modern E-Commerce. Digitalist Magazine. Retrieved from https://www.digitalistmag.com/customer-experience/2018/03/09/importance-of-cybersecurity-in-modern-e-commerce-05963816
Cisco. (n.d.). What is Cybersecurity? Cisco Systems. Retrieved from https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
CSRC. (2019). NIST Framework Information. Retrieved from https://csrc.nist.gov/
CWCS. (2018). Understanding the Importance of E-Commerce Security. CWCS Managed Hosting. Retrieved from https://www.cwcs.co.uk/blog/2018/10/understanding-importance-e-commerce-security
Ecommerce Guide. (n.d.). What is Ecommerce? Retrieved from https://ecommerceguide.com/guides/what-is-ecommerce/
Guynes, C., Wu, Y., & Windsor, J. (2011). E-Commerce/Network Security Considerations. International Journal of Management & Information Systems (IJMIS), 15, 1. doi:10.19030/ijmis.v15i2.4147. Retrieved from https://www.researchgate.net/publication/298331457_E-CommerceNetwork_Security_Considerations
IT Solutions Tonight. (2019). Why is Security Important for eCommerce? Retrieved from https://itsolutionstonight.com/why-is-security-important-for-ecommerce/
Java T Point. (n.d.). Cyber Security. Retrieved from https://www.javatpoint.com/security-threat-to-e-commerce
Kaspersky. (n.d.). What is Cyber-Security? Kaspersky Lab. Retrieved from https://usa.kaspersky.com/resource-center/definitions/what-is-cyber-security
NIST. (2013). Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative. Retrieved from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
PNNL. (2015). How to Implement Security Controls for an Information Security Program at CBRN Facilities. CBRN Centres of Excellence. Retrieved from https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-25112.pdf
Roach, A. (2019). The Future of Ecommerce: How Ecommerce will Change in 2019 and Beyond. Oberlo. Retrieved from https://www.oberlo.com/blog/future-of-ecommerce
SoCyber Publishers. (2018). Cyber Security for E-Commerce. Retrieved from https://so-cyber.com/cyber-security-for-e-commerce/
Whiteman, D. (2019). These Chains Have Announced a Ton of Store Closings in 2019. Money Wise. Retrieved from https://moneywise.com/a/retailers-closing-stores-in-2019