The Importance of eCommerce Security (and How KYKLO Makes you Safer)
In another age in another time – nearly 90 years ago, criminal mastermind and FBI Top-10 Most Wanted Criminal, Willie Sutton, captured the imagination of the masses. During a clandestine interview with a newspaper reporter, Sutton was asked why he robbed banks. His answer was, “Because that’s where the money is.” With online retail sales alone pushing past the $4.28 Trillion mark in 2020 and estimated to be over $5 Trillion in 2021, we might surmise criminals are focusing their attention on eCommerce – “Because that’s where the money is.”
Unless you build security into your eCommerce site, the bad guys will find you. As a leader in the B2B eCommerce space and provider of digitized solutions throughout the world, KYKLO has built safeguards into our systems. While we aren’t planning to explain exactly how this works, for obvious reasons, we thought it would be helpful to hear from KYKLO’s Chief Technology Officer and Co-Founder, Fabien Legouic, and get his take on the situation.
For the sake of brevity, we are breaking this conversation into a series of questions and answers. While we had close to 50 questions in mind, let’s look at the three most important points.
Question One: What are the three biggest security risks of an e-shop?
Here are the top three issues, each tied to its own set of nasty consequences:
- Theft of a store’s confidential information: This presents the greatest risk as the attackers access privileged information, things like customer listings and ERP server IP addresses. Most of the time, the hackers first gain access to the store’s technical infrastructure and then obtain the information needed to roll out ransomware or, at the very least, bombard customers with spam. The effects are usually catastrophic.
- Theft of personal information from other buyers: Although quite new in the US, personal data and privacy are top-of-the-agenda topics. Attackers would also gain access to normally non-accessible parts of the store and download buyer lists (emails, phones, names). This could jeopardize the shop’s reputation and cause litigation.
- Overall disabling or hijacking of a store’s functionality: This happens more commonly than most expect and is a silent, under-the-radar attack. Here, hijackers throw swarms of queries at the store, attempting to disable it or at least slow it down significantly.
Question Two: KYKLO makes use of “the cloud” for storing information and running our systems. Do you think this presents a security risk?
Being on the cloud makes KYKLO safer. Think about it: which is more secure, the billions of dollars’ worth of art in the Louvre Museum or the art collection of some wealthy collector?
The Louvre is a big target with many doors and windows, not to mention 50 million visitors per year. The museum, however, is protected by an extremely high-end security system and monitored by over 1,200 security professionals. Conversely, the villa or mansion of the wealthy collector has a much less advanced security system and, in the most extreme cases, maybe a handful of security guards. Big museums, even public ones, pose a much greater challenge to thieves than small, isolated private collections.
The cloud, when engineered properly in a multi-tenant form (as KYKLO does), similarly poses a much higher challenge to attackers than the on-premises, custom-tailored eCommerce used by most solutions out there.
KYKLO is based on a multi-layer, multi-tenant, 100% cloud-based architecture, where all elements of the architecture are the most secure (and costly) components available in today’s market. This is akin to having the Louvre Museum refurbished to contain hundreds of individuals in completely isolated rooms (1 room per store) with no doors between rooms, with extreme security measures to access every room.
KYKLO infrastructure assigns every “room” (i.e. every store) identical protections against generic penetration attacks. We also constantly and automatically detect more “innovative” attacks and assign additional protection to every room, so that our clients do not need to worry about security. We prevent massive attacks by randomizing additional protection parameters between rooms, so that no overall attack can be performed on every store at once.
Question Three: There are hundreds of eCommerce disaster stories circulating on the internet. In your mind, what are a couple of the most significant security fails? How can they be avoided?
There are hundreds of recipes for disaster! While it would be impossible to visit them all, for now, let’s focus on a larger issue:
- An eCommerce site built by an IT person, family member, or fledgling programmer who knows how to code. While they may be able to get an “off-the-shelf” eCommerce site up and running, most do not have the technical experience to ward off the attackers lurking in the background. Further, security is something that must be planned for early and incorporated in the design at all stages of coding. New designs cannot be easily fixed after the fact, and a continued layer of patches only complicates the longer-range security of the system.
- Security and design issues are important. Security is an important part of KYKLO’s philosophy and design process. During our conversation with Mr. Legouic and the design team, we gathered over four pages of other very important comments concerning security. In the near future, we plan to publish some additional pointers for those contemplating eCommerce security.