Vital+Vectors

Website Security and Hardening


Every day, someone tries to hack your website and steal sensitive information or deface your business. Whether for financial gain, protest, or prank, you’re under attack. Unfortunately, most IT companies and website hosts don’t make you aware of the danger you’re in.


According to SophosLabs, more than 30,000 websites are infected every day [1]. The number of hacked URLs is growing by 50% per year. The National Cyber Security Alliance further states that one in five small businesses falls victim to cybercrime each year. Of those companies, about 60 percent go out of business within six months after an attack [2].

Cybercriminals have an army of bots and resources at their disposal. Information is quickly shared between networks of hackers. Photo by Masked Builder

Understanding the types of online threats to your site

New web-based attack vectors are coming out every day. We classify threats into three of the most common types.

  1. Software vulnerabilities
  2. Access control
  3. Denial of service

Your website software is at risk

Popular website software, such as WordPress, makes creating a site easy. However, it also makes your site easy to hack. Common exploits are quickly trafficked in underground hacking circles, so your site can be hacked over and over again for “fun” or profit.

Even if you’re not running WordPress, hackers can take advantage of cross-site scripting (XSS) and database injection, among other methods. These techniques are used to gain access to your site or server and turn it into a channel for infecting your clients with malicious software that steals their personal information. Not only do you risk a serious reputation problem, but you can also be held liable for potential losses if you don’t responsibly protect your visitors.

Gaining access to your systems is the ultimate breach of security

In access control attacks, hackers work to obtain the top-level passwords and user accounts for your site and backend system. They can then perform every action you would as an administrator of your website or server. The breach can go undetected because, to your system, it looks like you’re the one accessing your site and making changes.

Access control attacks can lead to data loss over a long period of time. This results in much higher losses than typical hacks where access is gained through software vulnerabilities that are detected and patched relatively quickly. In the worst circumstances, it can lead to losing control of your domain and website completely as the perpetrator works to transfer your assets to himself.

Denial of service costs you money

If your business relies on the internet for revenue, anything that takes your site offline can cost you money. Distributed Denial of Service (DDoS) attacks work by flooding your site with traffic from sources all over the world. The server is eventually unable to cope with the flood of traffic and shuts down, preventing legitimate customers from accessing your site. Even if your site manages to stay online, a moderate DDoS attack can slow it down significantly. A slow site for an online business is as good as a death sentence. The disturbing thing is that DDoS attacks are relatively affordable for perpetrators to carry out and can go on for months if left unchecked.

Your server is not the only attack vector. In more sophisticated attacks, perpetrators will direct the traffic at your Domain Name Servers (DNS). These are the computers that direct requests to your main website server whenever someone types in your website in a browser, or clicks a link in a Google search result. This kind of attack would never show up on your main server logs because your DNS is taken offline, preventing the traffic from making it that far. Taking out your DNS is as good as killing your site itself because any web requests for your site will just die at the DNS stage before ever reaching your main web server.

In the case of business sabotage, DDoS is used to slow the site so search engines catalog it as a poor resource for their visitors. Site speed is one of the known ranking factors for Google search.

Your business can go under after an attack

The effects of a security breach are devastating. The reason that 60% of compromised businesses go under is that once your site is hacked, you get posted on underground brag forums. Other hackers then see that you’re vulnerable and try to hack you as well.

As you fix your site, it becomes almost like a game to them. They keep coming around for repeated attempts like a pack of wolves going after wounded prey. The more you work to fix things, the more fun it becomes to take your site down again — and these types of attacks are your best case scenario.

Criminal organizations also scan these brag forums to find easy targets. These attackers are part of organized crime syndicates in the business of compromising your data and making money from it as a coordinated business.

If your company transacts online, you can expect the initial defacement attacks to escalate and change in nature. Where some hackers are more like digital vandals, the damage done by organized crime involves the black-market exchange of data and direct fraud. Once your information is stolen, it can be sold repeatedly for money. Your passwords have value to the right criminal, and he will pay to obtain them for the purposes of deeper intrusion that ultimately ends in a payday for him.

If you lose credit card data, it will be used to make purchases and then sold on the black market. Ultimately you can expect it to lead to identity theft and all the negative repercussions associated with it.

Protect your valuable online assets with Corporate Governance of Information and Communication Technology (ICT)

Vital+Vectors protects your digital properties by employing a proprietary methodology of ICT Governance.

The Australian Standard for Corporate Governance of Information and Communication Technology (ICT), AS8015, defines Corporate Governance of ICT as:

“The system by which the current and future use of ICT is directed and controlled.”

The Vital+Vectors ICT process begins by protecting your company from the proverbial digital ground up. Everything from your brand to your server and DNS is factored into our security process. Depending on your current setup, we will employ legal measures, on top of the digital security, to ensure 360º protection, 24/7.

The end result is a robust infrastructure that cannot be taken offline without substantial financial resources. You’re protected from intrusion attempts, brand forgery, and DDoS attacks. In the unlikely event of a hack, your systems are quickly restored so you can get back to the business of making money and serving your customers.

Who can benefit from Vital+Vectors ICT Governance based website security

The Vital+Vectors website security infrastructure is best suited to medium-sized organizations trading between $800,000 and $50,000,000 per annum.

Your business may be in jeopardy. Contact us now to start discussing the protection of your company’s internet assets before you go under.

Sources:


© 2018 Vital+Vectors by PepperVox PTY LTD