Chain safety in digital commerce
Consumers are increasingly buying online. Due to the sharp increase in digitization, fraud and (in)security are moving from physical retail to digital commerce more and more, too. If we look at the chain (from purchasing to customer delivery), data is exchanged on many points, creating vulnerabilities. The Secure E-commerce expert group wants to use its blue paper to provide chain partners with points of attention and checklists to make the chain more resilient.
Cyber information exchange in the chain
Large e-commerce organizations with a large network of partners and suppliers understand that it is crucial to provide the organization with timely and correct information about cyber threats and attacker profiling. As a result, timely measures can be taken, so that the impact on business processes and business objectives is as minimal as possible. Due to the complex environment and wide variety of chain partners and the size of the e-commerce parties, the expert group indicates that it is extremely important to exchange information about cyber threats and action perspectives.
Research has shown that there are now various forums, working groups and platforms within which threat information is shared, but that there is currently no specific platform in the Netherlands where information about cyber threats and trade prospects is shared for the benefit of companies in the e-commerce chain. The establishment of an e-commerce Information Sharing and Analysis Center (ISAC, such as the one that exists in the United States (r.cisc.org), can certainly be of great value to large e-commerce organizations. Within such a sectoral ISAC, information can be shared in a trusted environment about incidents, vulnerabilities and threats directed at the sector and the chain. The expert group indicates that Thuiswinkel.org, as interest groups, can play a central role as an information hub, because it knows its members and has a position of trust.
Secure interfacing in the e-commerce chain
A secure e-commerce market is not only stimulated by resisting cyber threats from the outside, but it is also about making good agreements with partners in the field of security. As with so many business risks, prevention is better than cure. That is why the expert group, made possible by Thuiswinkel.org and PostNL, has developed a checklist to gain insight into the security of your company data and processes when you share these with third parties via interfacing. For example, e-commerce companies often store a lot of customer, order and payment information. It is not intended that this sensitive information is transparent to third parties. The checklist of the expert group and more information about the proposed ISAC can be found in the blue paper of the Secure E-commerce expert group .