Every day I see new store owners pop up excited and full of that vibrant energy to start their new enterprise online. They spend countless hours installing, configuring and beautifying their new online store and they just put it online for the first time. I hear people say, “I am glad that I am done and that is over with.” That statement alone has proven how much time and hard work they have put in.
At the time a new version of their shopping cart is released, you can just feel the shutter of having to upgrade. The normal view from most shop owners is that “I can’t upgrade right now because I am too busy” or “I have too many custom modules that don’t work with the new version.” The store owner just finds excuses not to upgrade rather than spend that little bit more time and energy to secure their site. The general rule in upgrading is to do it right away. The reason why upgrades are released is because there are new vulnerabilities in the code that could cause your store to be hacked. The store owner must be vigilant and keep up to date.
Most hackers turn their attention to sites that have value or in essence have something to steal. E-commerce stores are the gold mine and criminals know it. This may be a shock to a lot of store owners, but most vulnerabilities are found by the software communities that help create it. The bugs are reported and fixes made available. Most coders want the recognition of finding the bug so they post the bug in the community forums and on a security reporting site. The biggest problem about the security reporting sites is that they show what is called “proof of concept.” This means how the vulnerability can cause damage or infiltration. They are so detailed that actual examples of exploit are shown openly to the public.
Take a person with a bit of programming knowledge, a whole lot of time on their hands, a need for glorification and you have yourself what “today” you call a hacker. These people sit in-wait of these “proof of concepts” to appear and they begin hacking on sites that are still vulnerable. I do not really consider these people hackers. I refer to them as criminal opportunists and they tend to do a lot of damage. They leave a wake of destruction in their path because hiding their tracks is frankly beyond their ability.
Now on the other hand a real “hacker” does not want a trail and they have the technical ability to hide themselves very well. They do not cause a wake; they steal what they want and if they are successful no one will know. These are not the type of people that will be on your small “mom and pop” shops. These people risk everything for a large bounty or a political gain.
The only way that a store owner can combat against this is to educate themselves on site security and to keep their stores up to date. This is a never ending war and the store owner must be vigilant.