New research has found 87% of SME websites using the Magento platform are currently at high risk from cyber attacks. By contrast, under 10% of websites using other major e-commerce platforms surveyed register in the same high risk category.
Foregenix analysed nearly 9 million websites worldwide, including over two million in Europe. 200,000 of sites surveyed worldwide use Magento (and companies using Magento 2 were also covered in the research).
The analysis carried out in April and May, further revealed the proportion of Magento websites at high risk has increased from just under 80% from research carried out in October last year.
Other findings show the percentage of SME sites using Magento being at high risk is lower in Europe compared to North America. Europe, which accounts for 48% of all websites surveyed, registered 28% of high risk Magento sites. By contrast North America accounts for 43% of global sites analysed, but registered 60% of high risk sites.
With small differences, 1.4% of the total number of Magento sites globally are compromised and showing signs of payment card harvesting malware stealing their customer data. One exception to the trend is Europe where 0.63% of Magento sites were compromised.
Sites assigned as high risk generally miss critical security patches or have serious security vulnerabilities such as an exposed admin page. Many of these issues can be easily resolved.
A study by Hiscox in October found a cyber breach costs a small UK business on average £25,700 in ‘basic clear-up’ costs. Indirect costs such as reputational damage and difficulty attracting new clients were unmeasured but the insurer believes these are even more costly.
“Magento is a market leader for good reason. However, this leadership position also attracts the attention of criminals looking for easy targets, such as websites that have not kept their Magento software up to date or have basic security flaws like leaving their admin page unprotected,” said Benjamin Hosack, chief commercial officer at Foregenix.
“In the vast majority of cyber attacks victims are small local businesses which never thought they’d be a target for criminals and didn’t realise when they were hacked. Their payment data can be leaked to criminals for months on end before they are notified by credit card companies.”
“Most breaches aren’t a result of extremely clever cyber criminal techniques. They are simply the result of basic security issues that have been overlooked by the website owners and developers. A few basic precautions such as deploying software patches quickly can make a big difference to minimising risk, whichever platform is used.”