1. ShopGuard has been in the e-commerce business for a while, so it likely relies on several different ISPs. Using multiple ISPs introduces certain threats. Here are three potential risks:
- Data Interception: This threat is a form of passive attack (Chauhan & Jangra, 2020) in which an attacker obtains sensitive information by intercepting it during transmission between the e-commerce platform and the ISP.
Examination → Different ISPs provide different levels of security. If the ISP does not use strong encryption, it is easier for an attacker to intercept the data. To prevent this, ensure all data sent is encrypted with a strong standard such as Transport Layer Security (TLS).
- ISP Vulnerabilities: ISPs themselves can be attacked by hackers. If their systems are compromised, this can cause massive service outages and expose sensitive data.
Examination → If an ISP lacks sound security practices, it can be an easy target for hackers to exploit in order to access e-commerce platform data. Regular security checks and audits are essential to ensure ISPs follow strict security standards.
- DDoS Attacks: Distributed Denial of Service (DDoS) attacks flood an ISP's network with too much traffic, causing service disruptions and making the e-commerce platform unavailable to legitimate users.
Examination → ISPs without strong DDoS protection can become a weak point during an attack, making the e-commerce platform inaccessible. It is crucial to work with ISPs that have solid DDoS defenses and a good track record of handling such attacks to keep services running smoothly.
2. According to Chauhan & Jangra (2020), the fundamentals of cyber security are the CIA triad (Confidentiality, Integrity, Availability). Below I describe each and explain how ShopGuard could implement it:
- Confidentiality means ensuring that only authorized people can access sensitive information.
Implementation: Customer data, such as personal information and payment information, must be kept secure from unauthorized access. This can be done by using encryption, access control, and secure authentication methods, for example strong passwords and multi-factor authentication.
- Integrity means ensuring that data is accurate, complete, and has not been altered by any party.
Implementation: Customer data and transaction records must remain accurate and unaltered. This is achievable by using checksums, digital signatures, and regular audits. Client data must be secured both in transit and at rest so that no unauthorized modifications can occur unnoticed.
- Availability means ensuring that information and resources are always available to authorized users when needed.
Implementation: The ShopGuard platform must be accessible to all customers at all times, even in peak shopping seasons. This can be achieved through redundancy, load balancing, and robust DDoS protection.
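To make the Integrity point concrete, here is an added example (not part of the original answer and not ShopGuard's own code) showing how a keyed checksum protects stored transaction records. It uses HMAC-SHA256 as a stand-in for the "checksums, digital signatures" mentioned above: every record is tagged when it is written, and a periodic audit recomputes the tags and reports any record whose content no longer matches. The signing key, the order records and the audit routine are all constructed for this illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment the key lives in a secrets
# manager or HSM, never in source code.
SIGNING_KEY = b"shopguard-demo-key-do-not-use-in-production"


def canonical_bytes(record: dict) -> bytes:
    """Serialize a record deterministically (sorted keys, no extra whitespace)
    so identical content always yields identical bytes to authenticate."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_record(record: dict, key: bytes = SIGNING_KEY) -> str:
    """Return the hex HMAC-SHA256 tag over the canonical record."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes = SIGNING_KEY) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    expected = sign_record(record, key)
    return hmac.compare_digest(expected, tag)


def audit_ledger(entries: list) -> list:
    """Return the order ids of records whose stored tag no longer matches
    their content, i.e. records that were modified after being tagged."""
    tampered = []
    for entry in entries:
        if not verify_record(entry["record"], entry["tag"]):
            tampered.append(entry["record"]["order_id"])
    return tampered


def demo() -> list:
    """Constructed scenario: two orders are tagged, one is then altered."""
    orders = [
        {"order_id": "A1001", "customer": "alice", "amount_cents": 4999, "currency": "USD"},
        {"order_id": "A1002", "customer": "bob", "amount_cents": 12000, "currency": "USD"},
    ]
    ledger = [{"record": o, "tag": sign_record(o)} for o in orders]
    # Simulate an unauthorized change to a stored amount after tagging.
    ledger[1]["record"]["amount_cents"] = 1
    return audit_ledger(ledger)


if __name__ == "__main__":
    print(demo())  # ['A1002']
```

The keyed tag matters: an unkeyed checksum such as a plain SHA-256 digest would be recomputed by anyone who can rewrite the record, so it detects accidental corruption but not deliberate modification. A digital signature (asymmetric keys) gives the same tamper evidence while also letting third parties verify without holding the secret key.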
3. The journal shows that e-commerce is the industry most susceptible to various security threats and attacks. It faces the highest risk, with 32.4% of all attacks targeting this sector in different forms (Badotra & Sundas, 2021). According to Varghese (2024), the three most common threats attacking e-commerce are:
- Financial fraud: Hackers exploit weaknesses in the payment process to steal money and sensitive information, including by altering payment amounts, diverting payments to unauthorized accounts, etc.
Example: Credit card fraud, account takeover.
- Phishing: Hackers send fake messages or emails pretending to be the store owner to trick customers into giving up sensitive information such as usernames and passwords.
Example: A customer accidentally clicks a phishing link leading to a page that looks like the real marketplace, then logs in there.
- Mass-mailed malware: Hackers send emails containing malicious software (malware) to many people at once. These emails look like they come from a trusted source, but when the attachment is opened, malware is installed on the device. This can lead to data theft and system crashes.
4. Multi-layered security is a must for an e-commerce marketplace these days.
Technical measures:
- Firewalls: Actively monitor incoming traffic by filtering it, and block it if it is suspicious.
- Encryption: Secure data with encryption while it is in transit.
- Intrusion Detection System (IDS): Passively monitor and alert if there is any threat activity (Palo Alto Networks, n.d.).
Procedural measures:
- Regular security audits: To identify threats early and resolve any problems found.
- Incident response plan: To respond to a threat quickly so that it does not spread widely.
- Backup and recovery: Practice regular data backups so the platform can recover quickly if there is an incident.
Word count without references: 698 words
Word count with references: 787 words
References:
Chauhan, S. R., & Jangra, S. (2020). Computer security and encryption: An introduction.
Mercury Learning & Information.
Badotra, S., & Sundas, A. (2021). A systematic review on security of E-commerce systems. International Journal of Applied Science and Engineering, 18(2), 323-339. Retrieved December 26, 2024, from https://gigvvy.com/journals/ijase/articles/ijase-202106-18-2-010.pdf
Varghese, J. (2024, December 20). Top 10 e-commerce security threats & their detailed solution. Astra Security. Retrieved December 26, 2024, from https://www.getastra.com/blog/knowledge-base/ecommerce-security-threats/
Palo Alto Networks. (n.d.). What is an intrusion detection system (IDS)? Palo Alto Networks. Retrieved December 26, 2024, from https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids#:~:text=A%20firewall%20controls%20and%20filters,detects%20and%20alerts%20suspicious%20activities