Research from cyber security specialists Foregenix has found that Magento, the open source e-commerce platform, puts 87% of SME users at risk of cyber-attacks when using the programme.
In an analysis of nearly 9 million websites worldwide, 2 million of which were in Europe, Foregenix found that 200,000 sites were using Magento and Magento 2.
The research, which used Webscan, a website security solution, was carried out by Foregenix’s Threat Intelligence Group in April and May of this year and saw an increase of 17% for the Magento platform, up from 80% when the research was carried out in October last year.
As an example of how detrimental these security breaches can be, insurance provider Hiscox found in one study that a cyber breach can cost a small business an average of £25,700. And that’s just to sort out ‘basic clear-up costs’, let alone the unmeasured damage to a company’s reputation.
Looking at other websites, the research found that those using other major e-commerce platforms had under a 10% risk attached to them. However, the survey showed that the figure for SME sites using Magento in Europe was lower than for those using it in North America.
Although many issues regarding a company’s security can be easily resolved, sites that contain high-risk vulnerabilities often miss critical security patches.
In response to the report, Benjamin Hosack, Foregenix’s chief commercial officer, has said, “Magento is a market leader for good reason. However, this leadership position also attracts the attention of criminals looking for easy targets, such as websites that have not kept their Magento software up to date or have basic security flaws like leaving their admin page unprotected”.
“In the vast majority of cyber-attacks victims are small local businesses which never thought they’d be a target for criminals and didn’t realise when they were hacked. Their payment data can be leaked to criminals for months on end before they are notified by credit card companies”.
“Most breaches aren’t a result of extremely clever cybercriminal techniques. They are simply the result of basic security issues that have been overlooked by the website owners and developers. A few basic precautions such as deploying software patches quickly can make a big difference to minimising risk, whichever platform is used.”