It is important to ensure that your security investments are aligned with the goals of your websites. Too much security can hinder the users' experience. Just think of 'Captcha', the funny squiggly letters that one needs to decipher and enter accurately to gain access to the site, too often creating a displeasing user experience. Yet too little security can create exposures that if exploited erode brand value and worse, could result in fraud and unauthorized disclosure of sensitive customer information.
4. Evaluate, and adjust your defences
Now the new defences (rules, signatures, controls) are in place, but it is still not finished. Information security is very much an ongoing and iterative process. Once you've updated your protective controls, it is back to step 1, review, and adjust, so you can maintain that level of security and prevent your website from falling victim to an attack.
Depending on the size of the company, securing a website can be a full-time job. Attackers are working overtime to poke holes in retailer's security measures, so it is essential that experts are up-to-date on the latest threats and trends, constantly re-evaluating the rules implemented. If retailers do not have the time (understandably) to manage these processes themselves, they must ensure that they are working with a trusted third party who will monitor threats and update the defences regularly.
However, despite all best efforts, sometimes cyber adversaries are still able to get through the defences. It is important for retailers to have a comprehensive security and incident response strategy in place to prepare themselves for a potential security breach. It is never fun to be scrambling for a response protocol in the midst of a cyber-attack, always be prepared.