Back
E-commerce

You Can Disappear from Google in a Day: A Warning to Businesses That Should Be Concerned

You’ve built your online store, invested in advertising, optimized your website for search engines, and are enjoying a growing stream of customers. Then one day, after a cyberattack, not only are your customer data leaked, but your store is also removed from Google’s search results.

This isn’t a fictional scenario—it’s now a reality for eCommerce stores in Lithuania. What are the common security gaps that lead to cyberattacks, how can they be prevented, and what lessons can we learn from international best practices?

Didn’t protect yourself? Then out you go—from Google!

Cybersecurity in eCommerce: Why Prevention Is Cheaper Than Repair

According to 2024 data, the number of cyberattacks worldwide has increased by 75% over the past five years. In the Baltic region, based on data from the National Cyber Security Center (NKSC), the first half of last year saw a one-third increase in DDoS attacks and a doubling of incidents where intruders altered website content, gained remote system access, or logged in using administrator-level user accounts.

eCommerce expert Ričardas Šmaižys says that he receives at least one inquiry every month regarding attempts to hack online stores, data leaks, or service disruptions.

“Unfortunately, the consequences are becoming more severe—for example, recently, a children’s toy store was hacked via an old, unused administrator account belonging to a former employee. The site’s operations were disrupted, malicious code was injected, and the site was removed from Google search. Years of effort were lost in a single day. In the past, such incidents were rare, but now hacking attempts have become routine—one in three eCommerce platforms we manage experiences intrusion attempts. The volume of leaked data is so large that password guessing attempts happen hundreds of times per day per account,” says the head of PrestaRock.

He adds that there are plenty of similar cases in Lithuania. For instance, a sports apparel store was recently compromised due to an insecure admin password, allowing hackers to install code that collected credit card information—putting customer funds at risk.

In another case, a workwear company failed to update its systems on time, resulting in a stolen and published customer database, including names, emails, and more. The company had to deal with the State Data Protection Inspectorate and risked fines for violating GDPR.

Lack of Cybersecurity Experience in Lithuania

Although cybersecurity risks and threats are widely discussed in Lithuania, most eCommerce businesses still focus more on growth than protection.

“Smaller companies still operate under the logic of ‘we’ll put out the fire once it starts’ or ‘we’ll worry when the neighbor’s roof is on fire.’ While e-shops are paying more attention to cybersecurity—especially since downtime often results in revenue loss—larger companies take it more seriously. These businesses are more visible (making them a bigger target) and more dependent on IT systems, so they better understand the impact of such incidents on operations and reputation,” says Marijus Strončikas, head of Altic IT and a member of the Lithuanian IT Managers’ Club.

Seitumer Curlu, a former IT director at major Lithuanian companies and now CIO at a Dubai-based holding company, says the biggest difference between Lithuania and Dubai is experience.

“The biggest challenge in Lithuania is limited experience in both preventing and managing cyberattacks. In Dubai, such attacks have been a daily reality for some time, so companies are simply forced to implement cybersecurity mechanisms to continue operations. It also comes down to leadership mindset—most leaders here understand that these attacks are inevitable, so they allocate funds to build processes, implement tools, and train staff,” says Curlu.

He notes that while the cybersecurity situation in Lithuania is improving, it still lags behind global best practices.

“In Dubai, cybersecurity prevention is part of daily IT operations: systems are regularly updated, infrastructure is monitored, and responses to security incidents are swift. Medium and large businesses treat cybersecurity as an essential part of operations, while smaller companies tend to outsource it to external experts,” Curlu explains.

Don’t Leave the Doors Open

Ričardas Šmaižys advises that cybersecurity should be considered before building an online store.

“When building an e-shop, it’s recommended to use as few third-party modules as possible—or verify them thoroughly. The competencies of the developer are also critical, especially when working with freelancers. Chosen developers must have internal processes to prevent the creation of new vulnerabilities. We also recommend implementing additional protections—such as two-factor authentication, IP blocking, and proper server configuration and maintenance,” he says.

Once the store is up and running, it’s equally important to regularly update systems and patch any known vulnerabilities.

“If you leave the door ajar, it’s only a matter of time before someone malicious walks in. That’s why it’s important to constantly review security measures, educate employees not to reuse passwords, avoid connecting through unsecured networks, and not click suspicious links. If these steps are not taken or existing vulnerabilities are not addressed, Google may remove your site from search results,” Šmaižys warns.

Marijus Strončikas adds that it’s essential to clearly define who is responsible for an e-shop’s security during the planning phase.

“It’s important to determine whether the business will run its e-shop using its own IT infrastructure or rent it through a third-party platform. In the first case, the business owner is responsible for security; in the second, it’s the platform. In both cases, knowing how cybersecurity will be managed is absolutely critical,” he says.

According to him, those who enjoy risk and are unafraid of unpredictable disruptions might skip cybersecurity. Everyone else should be prepared.