Actu
Security risk for popular e-commerce platform nudges 97%
August 2020 by Foregenix
Almost 97% of European e-commerce firms using the Magento 1 website platform are at high or critical risk from hackers according to the latest research from cybersecurity specialists Foregenix.
The research, which analysed 113,000 websites in Europe using the e-commerce platform, also reveals 430 sites - 0.38% of the overall total - are currently hacked and card data is being actively stolen.
Foregenix found 52% of the 40,000 Magento 2 websites analysed are at high or critical risk. The rate for merchants’ websites which are currently hacked and losing data stands at 0.25%.
The data showed North American rates for Magento 1 and 2 platforms at high risk corresponded to European figures. However, the critical risk for European merchants is less than a third of the rate when compared to US and Canadian firms for Magento 1, and a quarter of the rate for Magento 2.
Marlborough-based Foregenix monitored over 275,000 Magento websites globally using its WebScan solution from 1 May to 20 July. The solution detects malware, security patches (for Magento 1) and analyses the website framework implementation for vulnerabilities, such as unprotected admin pages.
The global data showed that while Magento 1 users fell in both June - 1.2% - and July - 4.2%, the take-up for Magento 2 went up 1.7% and 7% for the same period.
Foregenix co-founder Benjamin Hosack says: “Magento 1 websites are a major concern in the industry following the end of life for the platform in June.
“Put simply, websites built on Magento 1 have a decaying security posture and the risk of being targeted and compromised is increasing. We can’t emphasise enough the importance of taking action to migrate to Magento 2, or another platform.
“While Magento 2 offers continuing security support, it is still crucial for merchants to remain vigilant and be proactive to reduce the risk of their own and clients’ data being compromised.”
Among the cybersecurity actions Hosack suggests are:
• Update your password regularly, or better, implement 2 factor authentication
• Change your Admin Path URL
• Monitor the accounts which are accessing your website’s backend
• Check your recently changed files - are they genuine?
• Scan your website regularly for indicators of compromise such as malware
• Update security patches or update the website platform depending on the platform being used
• If you’re using Magento, which is a highly effective platform, ensure it is set-up correctly as failure to do so can create weak spots that can be easily exploited by criminals
