Large volume business to business (B2B) ecommerce orders have high values that make them attractive targets for cybercriminals. They have many ways to exploit system vulnerabilities and gain access to confidential company data and other sensitive information.
Attacks can include viruses, malware, malicious software or attachments, false websites and misleading emails. Potentially, one of the most serious types of attack is ransomware, representing almost a quarter of all attacks. Criminals design software which infiltrates business systems and stops them working. Often there is no way to restore operations without the encryption key.
However, according to data service experts three quarters of attacks also have an element of human error. Any planned security measures must take account of both technical and human vulnerabilities.
Defending against security breaches
With a clear understanding of B2B ecommerce security risks there are many things you can do to stop the criminals.
You can use measures to protect online transactions and sensitive customer information, like credit card details or login credentials. These allow you to maintain compliance, protect integrity and ensure confidentiality. Your data is still available when you need it but you can stop unauthorized access, fraud, and cyber threats.
Measures include secure payment gateways, encryption technology, firewalls, and robust authentication processes. You can ensure safe handling of your customer data and financial transactions during your busiest times. Most importantly, a proactive approach helps build customer trust by safeguarding their sensitive information and blocking potential threats.
Example: Henry Schein Inc.
Around three quarters of business transactions for Henry Schein Inc. are via ecommerce and electronic data interchange (EDI). A data breach seriously affected business for the leading distributor of medical and dental products for over four weeks. Cybercriminals stole company data and bank account information for some suppliers.
On 14 October 2023 a major cyberattack of its core systems, included distribution and ecommerce, causing serious sales disruption. A month later the company confirmed key systems remained unavailable with work hampered by the Thanksgiving holiday.
A delay in filing full third-quarter results is expected, along with an insurance claim related to the incident in 2024.
Security risks
Threats for B2B ecommerce companies aren’t only about physical computer systems. There are also exposures in software, networks, and infrastructure.
B2B sellers deal with more complex products, have a more diverse customer base, and manage larger order volumes. Criminals also know that sectors such as energy and petroleum, for example, are time-sensitive and can’t afford business disruption.
High order values and risks to customer loyalty also catch the attention of cybercriminals. Because they can cause more damage, they can demand more for the return of key data. Targeted companies might be more likely to pay a ransom demand to minimize the repercussions of delays, especially during peak times.
Ransomware – a major B2B ecommerce threat
As the name suggests, criminals can hold your company’s critical information to ransom. They can smuggle software into your business systems that encrypts your data. Only they have the encryption key that unlocks your information. However, making a payment doesn’t guarantee you’ll get your data back. Regulators and insurers increasingly advise against making ransom payments.
Sometimes, criminals simply threaten to encrypt your data and demand payment when they haven’t accessed your systems. Or they might introduce a screen locker that stops people using their computers. Your first level of protection is to have access to skilled IT professionals who can quickly identify whether an attack is real or threatened. If criminals gain control of critical data none of your security scans or restoration processes will help.
The damage caused by ransomware is much greater than the price of the ransom. As well as the ransom itself, many businesses lose revenue and future business opportunities.
Without access to your business critical systems, you can’t make sales or support your customers. Adverse publicity damages your reputation and might deter customers and investors in future. The costs of recovery could even put your business survival at risk.
Regular backups for your key data and business systems allow you to respond and recover from ransomware attacks quickly. While you might lose some information you can get everything up and running again without paying the ransom or damaging your reputation.
Security risks in B2B ecommerce
Many B2B companies moved online during the pandemic and might not have had time to implement good security practices. Moving on, adopting more new channels could create gaps in security awareness and expertise. Manufacturers, distributors, and wholesalers are still prioritizing issues associated with pressure on their supply chains. As a result, unaddressed vulnerabilities could leave operations open to criminal attacks.
Example: Colonial Pipeline
In May 2021 a ransomware attack on Colonial Pipeline hit the headlines. Americans feared fuel shortages for essential journeys. With a highly connected national energy infrastructure everyone was aware of the impact. Supply chain interruptions, shortages and disruption of essential services led to increased prices.
The US Cybersecurity & Infrastructure Security Agency (CISA) has since expanded its ‘CyberSentry’ capacity. This provides additional visibility for faster detection of cyber threats that could affect critical operational networks. CISA says: ‘The days of relegating cybersecurity to the CIO or the CISO must end. CEOs and Boards of Directors must embrace cyber risk as a matter of good governance’.
Originally, criminals would target ecommerce sites that hadn’t updated their security to steal money. They have now become more sophisticated, targeting specific industries and groups they can disrupt, giving them more power and access to larger payments.
B2B ecommerce businesses and supply chains in countries like the UK, US, and Canada are likely to have more at stake. It’s worth the criminals’ effort to look for and exploit any type of vulnerability. They might even study business and employee patterns and processes to find the weakest security links. Employee training is a high priority to maintain good security practices, especially at peak times.
Other risks
Remote desktops
With a remote workforce, a virtual private network (VPN) maintains online privacy by masking IP (internet protocol) addresses. A VPN provides encrypted and secure connections to the worldwide web. Without it, attackers might remotely access systems and processes and undermine your business.
Brute force attacks
A brute force attack is a relentless process of trial and error. Usually automated, these attacks often involve guessing potential usernames and passwords. Alternatively, they might use valid credentials stolen from other breaches across multiple systems. This is why your security should include a strong password policy and enforced updates for employees and customers.
Email engineering
Because emails are such a common business tool it’s easy to take their security for granted. Social engineering attacks like phishing and spear phishing target individuals. Business email compromise (BEC) attacks impersonate genuine email account owners to gain access to critical information. They can look very convincing, so staff training and ongoing reminders are essential, not just during peak times.
These emails look credible but have been designed to persuade someone to use a rogue link or open a compromised document. This immediately introduces a harmful program that can infiltrate your business systems. Cyber criminals can then steal your valuable data or lock it up so you can’t access it. Spam filters will prevent these emails, and this can be an effective approach. Also use regularly updated anti-virus software to protect against known threats.
Software updates
Maintaining software is often time-consuming and can disrupt business processes. However, failing to install updates for known vulnerabilities will expose your whole organization to risk. When you have a software as a service (SaaS) B2B ecommerce platform you receive regular updates in the cloud. This is just one of the ways you can make sure your defences stay up to date.
System sharing
In B2B ecommerce, business system integration provides seamless end to end solutions that improve performance and customer service. However, rogue software can scan for shared data that will allow it to infect other computers and systems. Reliable and thoroughly tested integrations and security protocols are needed to prevent this from happening.
