<img src="https://secure.leadforensics.com/133892.png" alt="" style="display:none;">

We hear about it in the news all too often. Ransomware hitting IaaS and PaaS platforms that in turn paralyze digital commerce businesses by stealing customer data. This type of event can have disastrous effects on your operations as well as customers' trust. But there are ways to protect your business.

Imagine if your webshop is unavailable for hours, days, or even weeks. What would that do to your sales, revenue and bottom line? And how would it affect your customers’ trust in your brand? What if all your customer data got stolen by attackers? The data that is the lifeblood of your business operations, and the core in building strong customer relationships through relevant communication, offers, and campaigns. Would you be willing to pay a ransom to get that data back? If so, how many times a year would you be willing to pay?

Don’t let these questions be an afterthought. Start securing your business now.


Cyber-attacks get smarter and hit harder

With the development of various AI tools, cyber-crime is getting smarter. Therefore, the risks to individuals, companies, and organizations have never been greater. According to Statista, the global average cost of a data breach is 4.45 million USD. The digital commerce sector is particularly hit by fraudsters. Research by Deloitte claims that 91% of e-commerce organizations reported at least one cyber incident over a year.

Recent cyber attacks indicate that cyber criminals are becoming more adept, evolving these actions into more advanced business models. What used to be the work of shady hackers looking for quick money can now be well organized projects with thought-through strategies and detailed action plans.

As an example, we’ve recently seen ransomware attacks where fraudsters have demanded a “customized” ransom amount based on what they believe an organization is capable of paying rather than a random, often high, ransom amount. This development suggests that the cyber criminals have researched their targets and calculated the likelihood of getting paid to maximize the revenues from each attack. One example of these smart cyber-attack models is the Akira ransomware.

What is Akira?

Akira is a new ransomware family that was first detected in March 2023. It is known for its double extortion tactics, a ransomware-as-a-service (RaaS) distribution model, and unique payment options. Akira is one of the fastest-growing ransomware families thanks to its highly experienced and skilled operators. The ransom demands typically range from 200,000 USD to over 4 million USD. According to reports, Akira operators provide victims the option to pay for either file decryption or data deletion; they don’t force victims into paying for both.

The Akira ransomware often targets organizations running a VPN (virtual private network) service without multi-factor authentication configured. Once the ransomware infects a system, it encrypts targeted files using a hybrid encryption algorithm. The Akira ransomware binary also has a feature that allows it to inhibit system recovery by deleting shadow copies from the affected system.

How to protect your digital commerce business

Protecting your business against cyber criminals is a never-ending task. It requires ongoing education, monitoring and improvement of your security efforts. You’ll never be 100% secure but you should do everything you can to increase the cost and effort it would take attackers to break in so that they hesitate to go after your organization. In short, don’t be an easy target.

Here are five ways to get started improving your protection. While these tips are valid for all types of organizations, they are particularly important for digital commerce businesses as an attack in this industry may put your very core operations at risk.


1. Enable multi-factor authentication (MFA) for VPN access 

By enabling MFA, you can add an extra layer of security to your VPN access and reduce the risk of unauthorized access. Employees working from a home office may see this additional authorization step as a hassle and try to avoid it through work-around processes. So it’s important that you clearly communicate to the organization why the MFA process is critical for the security of your business operations.

2. Implement network segmentation

Network segmentation means dividing a network into smaller subnetworks to reduce the attack surface. By segmenting your network, you can limit the spread of ransomware in case of a breach. You may have heard about cyber attacks to a data center where only a fraction of customers was hit. That means the data center had network segmentation in place to limit the damage.

3. Keep your software up to date

Ensure that all your software, including operating systems, applications, and security solutions, are up to date with the latest patches and updates. This is not only a way to get access to the latest features and functions of the software you use. It will also help prevent attackers from exploiting known vulnerabilities.

If you use third-party services to manage your data, you need to keep a close dialogue with vendors to ensure they update software at their end as well. Remember that you are responsible for your data and need to keep track of security risks throughout the entire lifecycle.

4. Educate your employees

Train your employees on how to identify phishing emails, suspicious links, and attachments. This can help reduce the risk of social engineering attacks that can lead to ransomware infections. It’s important to note that security is not solely the responsibility of a small group of people in the IT department. Everyone in the organization needs to have knowledge and awareness of the threats and how to avoid becoming a victim.

5. Backup your data regularly

Regularly backing up your data can help you recover your files in case of a ransomware attack. Make sure that you have a solid plan, schedule, and clear ownership for backing up data. Plus, ensure that your backups are stored in a secure location that is not connected to your network. For your most sensitive data it might also be worth saving backups in a different format. This way you can move to another data center or leverage a redundancy system if your primary one is down or affected by an attack.

Remember, it’s your responsibility to backup your own data, you cannot rely on data center owners or system vendors to do this for you.


Want to learn more?
Check out this 3-step suggestions on how to strengthen your security posture


An employee clicks on a malicious e-mail link. Virus spreads during update of a business application. Huge volumes of orchestrated traffic make an e-commerce website crash. Trusted users deliberately use their privilege access to steal critical data. Check this 3-step suggestion as to how you can strengthen your security posture and avoid ending on the newspaper front page with your data breach being exposed.


Read more


Discuss this post

Recommended posts

As the curtains have closed on the Gartner IAM Summit 2024, it’s time to reflect on the insights and discussions contributed by 971 participants (give and take a few), in or in between the 105 sessions, workshops and round tables, and the 43 vendor exhibitions, all centered around the rapidly evolving field of Identity and Access Management (IAM).
In an era of widespread digitization, companies are vulnerable to criminal activities that can jeopardize businesses of all sizes anywhere and at any time. Addressing this threat, Identity Access Management (IAM) can safeguard enterprises and strengthen their path to achieving growth and business goals, says security expert Andreas Rieber.
How do you ensure IT security in large and complex companies? Add mergers, acquisitions, and carve-outs to the mix, alongside business-critical services that demand nearly 100% uptime and operations spanning multiple countries. The key lies in IAM, or Identity & Access Management, according to security expert Andreas Rieber.
With the rise of personalized e-commerce new security threats occur, affecting trustworthiness among consumers, and ultimately, your profitability. Knowing how to strengthen your brand and why digital identity is key has becomecritical.
Cloud security threats are becoming increasingly complex, with new challenges emerging daily. The transition to a fully digital environment has brought with it added cybersecurity risks, which is why understanding the importance of cloud security is vital in keeping your organization safe.
right-arrow share search phone phone-filled menu filter envelope envelope-filled close checkmark caret-down arrow-up arrow-right arrow-left arrow-down