Unfortunately, this widespread use also means that Magento stores can be a lucrative target for criminals, highlighting the critical importance of security for these stores. Shocking fact: 1 in 5 stores is hit by malware every year.
A breach of your store can incur costs in the form of lost sales due to downtime, reputational damage (especially if the hack has to be disclosed) and costs associated with removing the hack and making sure the store is secure again. These costs typically range from $50,000 to $2,000,000 in damages, fines, investigation costs and reputation restoration.
We do everything we can to prevent such situations. One of the most important actions we take to prevent a hack is making sure that your Magento store is always running on the latest version. We also make sure that the extensions the store uses are up to date.
To be notified of potential problems, we rely on our partner Sansec. Sansec is a cybersecurity company specializing in e-commerce security. Their main product, eComscan, is an automated security scanner designed to protect Magento stores from attackers. It is used and trusted by leading Magento agencies and hosting companies.
eComscan offers several benefits. It helps identify the cause of hacks, prevents shopping downtime and suspension of ad campaigns, secures online reputation, ensures compliance with Payment Card Industry (PCI) standards and prevents leaks of personally identifiable information (PII). It is designed to detect malicious activity early, which can help mitigate or prevent the impact of a data leak.
We use Sansec to scan all our stores daily and do an in-depth scan weekly. If irregularities are found, we get an immediate notification from the monitoring service via Slack, email and SMS for urgent issues.
We also make use of Sansec's integrity checker. Because of the extensive database of code it checks, it can identify anomalous code by collecting the correct code from all installed versions. When a particular package's code deviates from the average by a certain threshold, we get a notification that something may be wrong. In this way, we can detect malicious code even when the vulnerability used is not yet public. We perform this check every time we do a deployment to ensure that infected code cannot reach the production server via a supply chain attack.
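The consensus idea described above can be sketched as a deploy-time check. This is an added example, not Sansec's implementation or code from this page: the function names, the quorum and threshold values, and the sample file contents are all assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def consensus_manifest(installs, quorum=0.8):
    """Map each path to the hash most installs agree on (None if no quorum)."""
    manifest = {}
    paths = {p for files in installs for p in files}
    for path in paths:
        counts = Counter(files[path] for files in installs if path in files)
        digest, seen = counts.most_common(1)[0]
        manifest[path] = digest if seen / len(installs) >= quorum else None
    return manifest

def check_package(local, manifest, threshold=0.0):
    """Return (alert, findings) for one local copy of the package."""
    findings = []
    for path, digest in sorted(local.items()):
        expected = manifest.get(path)
        if expected is None:
            findings.append((path, "unknown"))   # no quorum vouches for this file
        elif digest != expected:
            findings.append((path, "modified"))  # differs from the consensus copy
    deviation = len(findings) / max(len(local), 1)
    return deviation > threshold, findings

# Constructed sample data: ten installs of the same (hypothetical) package version,
# one of which carries a harmless local patch.
CLEAN = {"Model/Pay.php": sha256(b"<?php class Pay {}"),
         "etc/module.xml": sha256(b"<module name='Vendor_Pay'/>")}
FLEET = [dict(CLEAN) for _ in range(9)]
FLEET.append({**CLEAN, "Model/Pay.php": sha256(b"<?php class Pay {} // local patch")})

# Constructed build artifact: one altered file and one file no other install has.
BUILD = {**CLEAN,
         "Model/Pay.php": sha256(b"<?php class Pay {} /* injected */"),
         "Helper/Cache.php": sha256(b"<?php /* seen nowhere else */")}

def demo():
    manifest = consensus_manifest(FLEET)
    return check_package(CLEAN, manifest), check_package(BUILD, manifest)

if __name__ == "__main__":
    for alert, findings in demo():
        print("ALERT" if alert else "ok", findings)
```

Run as a deployment gate, a check of this kind fails the build when the alert flag is set, so a tampered dependency is stopped before it reaches production.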
In short, Sansec helps us sleep easy at night, knowing that your store is in safe hands and closely monitored.