Thursday, June 26, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Application Security Security Bloggers Network 

Home » Cybersecurity » Application Security » Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021

SBN

Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021

by Erez Hasson on November 3, 2021

The retail eCommerce industry has gone through years worth of changes in a matter of just a mere couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year.

And while we can’t yet talk of a post-pandemic era, as new cases and variants continue to hinder attempts of getting back to normal, we should instead investigate eCommerce amidst an ongoing pandemic.

One thing is clear, however, alongside growth comes an increased risk of cyber-attacks and fraudulent activity. Imperva Research Labs has published a new threat intelligence report – The State of Security Within eCommerce 2021 Report, summarizing a variety of cyber threat vectors affecting the industry. The report aims to provide online retailers with meaningful insights and guiding information ahead of the upcoming holiday shopping season.

Techstrong Gang Youtube
AWS Hub

What to expect

During the ongoing pandemic, consumer behavior has changed. As online shopping became more prevalent, shopping patterns became more sporadic. This meant that the 2020 holiday shopping was still targeted by cyber attacks, but these were also very much noticeable throughout the entire year. As things slowly return to some form of normal, the 2021 holiday shopping season is shaping up to be similar to those before the pandemic has hit in terms of traffic and threats.

Included amongst the threat vectors covered in this threat intelligence report are:

  • Bad bots continue to be a nightmare for online retailers: Over half of all attacks targeting online retailers this year were carried out by bots. Bots have always been prevalent in online eCommerce, but the pandemic has made things much worse.
  • Account takeover attacks: Also known as ATO, gaining illegal access to user accounts belonging to someone else has become even more prevalent throughout the ongoing pandemic. In fact, a third of all logins on online retailers this year have been account takeover attempts.
  • DDoS attacks: According to Imperva Research Labs, online retailers have seen an average of about 14 DDoS incidents per month. Additionally, the rise of the ‘Meris’ botnet has brought about a significant spike in incidents during September, just ahead of the holiday shopping season.
  • Client-side Attacks: Magecart attacks are a major cause of concern for online retailers. The abundance of JavaScript-based services used on online retail websites, 64 on average, as well as the amount of data passing through them, makes them an ideal target for attackers.
  • Web Attacks: 2021 was characterized by more sporadic attack patterns, with timings that are less predictable than pre-pandemic. Compared to 2020, the peaks were actually higher.
  • API Attacks: API attacks have been slightly less common in 2021 when compared to other industries or previous years. Yet, they remain an attractive target for attackers due to the sensitive payment data they hold.

Advanced threats call for advanced protection

As the popularity of online shopping continues to grow, it becomes even more lucrative for bad actors targeting online retailers. While the importance of investing in traditional security tools is indisputable, emerging threat vectors are taking center stage. From automated bot attacks to client-side and API attacks, retailers must stay one step ahead of attackers. Investing in an integrated platform like Imperva Application Security, which provides protection against the leading attacks and optimizes web performance, will help retailers operate efficiently and securely throughout the holidays and beyond.

For a full overview of the threats that targeted online retailers during 2021, as well as recommendations on how to prepare for the upcoming holiday shopping season, download The State of Security Within eCommerce 2021 Report here.

Try Imperva Application Security today, start your free trial now.

The post Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021 appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Erez Hasson. Read the original post at: https://www.imperva.com/blog/holiday-shopping-season-is-upon-us-the-state-of-security-within-ecommerce-in-2021/

November 3, 2021November 3, 2021 Erez Hasson account takeover, API security, Application Security, bad bots, Client-Side Protection, DDoS attack, Digest, ecommerce
  • ← Step by Step Migration Guide from Epsagon to Thundra
  • TrustLogix Data Security Governance Platform Simplifies Securing Data in Snowflake Data Cloud →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

Securing Vibe Coding: Addressing the Security Challenges of AI-Generated Code
How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

16 Billion Leaked Records May Not Be a New Breach, But They’re a Threat
Scattered Spider Targets Aflac, Other Insurance Companies
WhatsApp BANNED by House Security Goons — But Why?
AWS Raises Expertise Bar for MSSP Partners
Heightened Cyber Threat from Iran Sparks Urgent Calls for Vigilance and Mitigation
Will AI Replace You — or Promote You? How to Stay Ahead
JWT Security in 2025: Critical Vulnerabilities Every B2B SaaS Company Must Know
Are Your Secrets Protected Against Data Breaches?
How Secure Are Your Cloud-Based Non-Human Identities?
Feel Reassured with Advanced Secrets Scanning Technologies

Industry Spotlight

WhatsApp BANNED by House Security Goons — But Why?
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches Vulnerabilities 

WhatsApp BANNED by House Security Goons — But Why?

June 24, 2025 Richi Jennings | 2 days ago 0
Scattered Spider Targets Aflac, Other Insurance Companies
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

Scattered Spider Targets Aflac, Other Insurance Companies

June 22, 2025 Jeffrey Burt | 3 days ago 0
US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency
Analytics & Intelligence Blockchain Cyberlaw Cybersecurity Data Privacy Digital Currency Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches 

US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency

June 20, 2025 Richi Jennings | Jun 20 0

Top Stories

N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams

June 26, 2025 Jeffrey Burt | 4 hours ago 0
Fortanix Adds Dashboard to Better Prioritize Remediation Efforts for PQC Era
Cybersecurity Featured News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Fortanix Adds Dashboard to Better Prioritize Remediation Efforts for PQC Era

June 25, 2025 Michael Vizard | Yesterday 0
LapDogs Campaign Shows Chinese Groups’ Growing Use of ORB Networks
Cloud Security Cybersecurity Data Privacy Data Security Endpoint Featured Malware Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

LapDogs Campaign Shows Chinese Groups’ Growing Use of ORB Networks

June 25, 2025 Jeffrey Burt | Yesterday 0

Security Humor

Randall Munroe’s XKCD ‘Tukey’

Randall Munroe’s XKCD ‘Tukey’

Download Free eBook

7 Must-Read eBooks for Security Professionals

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×