This article first appeared in Digital Edge, The Edge Malaysia Weekly on March 25, 2024 - March 31, 2024

The e-commerce sector in Malaysia generated an impressive RM1.2 trillion in revenue in 2023, a 4.9% growth compared with 2022, according to the Department of Statistics Malaysia, which underscores the importance of technology availability for business continuity.

Cyberattacks are a “when” and not “if” reality in today’s digital landscape and World Backup Day is another timely reminder that business downtime isn’t an option in this sector, which relies heavily on online platforms for sales.

The size and growth of the e-commerce sector have made it an attractive target for malicious actors. In fact, security leaders in retail and wholesale companies reported an average of 6.8 breaches in 2023 — double the 3.4 breaches in 2022 — in Forrester’s Security Survey released in December.

Malicious actors look to hijack companies’ operations to disrupt revenue, cause huge reputational damage and undermine customer trust. This allows them to dial up the pressure and demand more lucrative or even multiple ransom payments.

Festive seasons, like the current Ramadan holy month culminating in Hari Raya Aidilfitri next month, are among the busiest retail sales periods. However, they are also lucrative opportunities for malicious actors to exploit e-commerce platforms and online retailers during these times, as businesses may be more inclined to pay a ransom to stay online, and their IT and security teams’ response times may be hampered due to employees’ availability.

Retail and e-commerce businesses need to have a cyber resilience strategy that is focused on minimising business disruption when a cyberattack occurs. Here are some best practices:

● Optimised scheduling of backup data: Retailers experience a large fluctuation in their data usage due to the high seasonality of their work. Artificial intelligence (AI) and machine learning (ML) can optimise backup schedules to match an organisation’s diverse needs. This includes adjusting backup frequencies, prioritising critical data and optimising storage efficiency to eliminate the unnecessary recovery of unused data, which reduces costs and recovery time during a cyber incident.

● Third-party data access and controls: For retailers, third-party access encompasses partners, suppliers, contractors and subsidiaries. For example, a delivery service provider could retrieve customer details to ensure accurate delivery to an address. Mitigating this risk involves deploying granular role-based access controls (RBAC) that grant the least privilege required for users to do their job. This minimises risks in the event that digital credentials are compromised and prevents third parties from accessing data that has not been pre-approved.

● Constant education: Increase user awareness by constantly educating customers and employees on how to spot social engineering scams from malicious emails, texts or social media accounts that ask for confidential information. Companies should regularly share their security and data privacy procedures, what they are doing to tackle these threats and what they can do to be safer when shopping online. This level of thought and transparency also helps to build trust in a company’s brand.

Adopting these cyber resilience best practices to better manage and secure data will enable companies to shore up their business continuity, maintain their customers’ trust and strengthen their reputation.

Sathish Murthy is senior systems engineering lead for Asean and India at Cohesity, a global data security and data management solutions provider

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's App Store and Android's Google Play.