The Global Ecommerce Security Report 2022
Insights and Learnings from a Blockbuster Year for Commerce
U.S. consumers spent $33.90 billion online during the Cyber 5 weekend, a 1.4% year-over-year (YoY) decline from the $34.36 billion in ecommerce revenue during the same weekend in 2020, according to Adobe’s Digital Economy Index.
From $9.03 billion in 2020, Black Friday 2021 sales were down marginally by 1.4% to $8.9 billion — its first-ever YoY dip. Cyber Monday sales also slumped 1.4% YoY to $10.7 billion. Online sales on Thanksgiving Day stayed flat at $5.1 billion.
21% of merchants Webscale surveyed reported more than 30% growth in sales during the Cyber 5 weekend; for 20.5% of the businesses, sales remained flat compared to the previous year.
State of Ecommerce Security
Did you experience any security-related incidents on Black Friday/Cyber Monday?
Cyberattacks continue to rise
Major security challenges merchants faced in 2021
Lack of automation
in threat management
Malicious code
inserted into the
backend
Focus on detection
and mitigation
than prevention
Absence of real-time
threat monitoring and
analysis
Browser executing
scripts stealing
sensitive information
Web traffic attacks
from the frontend
Top 5 Attack Types of 2021
-
Phishing
-
Card scraping
-
Carding
-
Credit card fraud
-
Ransomware
Recommendations
- Tackle zero-day threats: Deploy a web application firewall (WAF) on the network edge.
- Avoid point solutions: Deploy an enterprise-grade security solution that includes measures to block malware delivery infrastructure and payloads, limitations on internet-accessible services, and multi-factor authentication (MFA).
- Invest in deep observability: An intelligent tool and established protocols that enable rapid and accurate identification of suspicious activity within an ecommerce environment.
- Go beyond the perimeter: Implement a zero-trust architecture.
Bot attacks accounted for 68% of all attacks on Webscale customers in November 2021. During the 2021 holiday season, Webscale defended against malicious bots with more than 76 million denial or redirect responses. No Webscale customers were impacted in any way during their busiest, and a most lucrative quarter.
Webscale CloudEDGE Security
Webscale CloudEDGE Security is an award-winning ecommerce security platform, deployed at the traffic edge, alongside or as a replacement for traditional CDNs and WAFs. CloudEDGE Security sits in any cloud and atop any ecommerce platform, using automation and analytics to proactively identify and protect web applications from the front end through web traffic, malicious code, or from browsers executing scripts to steal sensitive information.
Websites protected by CloudEDGE Security have always-on, 360° security with application-aware, customized rules to protect against sophisticated attacks. In addition to a managed WAF, CloudEDGE Security includes a range of features that allow for real-time application monitoring and analysis through machine learning, detection, automated mitigation, and ongoing protection.
CloudEDGE Security is available as an add-on to all Webscale Cloud Delivery plans, or as a stand-alone product for merchants and developers struggling with inadequate protection on hosted ecommerce platforms. Unlike current products that leave remediation to the merchant or the developer, Webscale’s DevSecOps team works alongside to help detect and protect.