New research has worryingly identified that 87% of SME websites using the Magento e-commerce platform are vulnerable to cyber attack, compared to less than 10% of websites using other major e-commerce platforms.
Researchers from cyber security specialists Foregenix analysed nearly 9 million websites worldwide, including over two million in Europe. 200,000 of the sites surveyed were using the Magento and Magento 2 e-commerce platforms.
The analysis, carried out in April and May by Foregenix’s Threat Intelligence Group using its website security solution, WebScan, further revealed that the proportion of Magento websites at high risk has increased from just under 80% in research carried out in October last year.
Other findings show that the percentage of SME sites using Magento that are at high risk is lower in Europe than in North America. Europe, which accounts for 48% of all websites surveyed, registered 28% of high risk Magento sites. By contrast, North America accounts for 43% of global sites analysed, but registered 60% of high risk sites.
With small differences, 1.4% of the total number of Magento sites globally are compromised and showing signs of payment card harvesting malware stealing their customer data. One exception to the trend is Europe, where 0.63% of Magento sites were compromised.
Sites rated as high risk are generally missing critical security patches or have serious security vulnerabilities such as an exposed admin page. Many of these issues can be easily resolved.
A study by Hiscox in October found a cyber breach costs a small UK business on average £25,700 in ‘basic clear-up’ costs. Indirect costs such as reputational damage and difficulty attracting new clients were unmeasured but the insurer believes these are even more costly.
Foregenix’s chief commercial officer Benjamin Hosack comments:
‘Magento is a market leader for good reason. However, this leadership position also attracts the attention of criminals looking for easy targets, such as websites that have not kept their Magento software up to date or have basic security flaws like leaving their admin page unprotected.
‘In the vast majority of cyber attacks victims are small local businesses which never thought they’d be a target for criminals and didn’t realise when they were hacked. Their payment data can be leaked to criminals for months on end before they are notified by credit card companies.
‘Most breaches aren’t a result of extremely clever cyber criminal techniques. They are simply the result of basic security issues that have been overlooked by the website owners and developers. A few basic precautions such as deploying software patches quickly can make a big difference to minimising risk, whichever platform is used.’
Companies can check their website’s risk for free at https://webscan.foregenix.com/