As more consumers shift to online shopping this holiday season, they expect their information to be protected every time they make a purchase. With just weeks left until the holiday season kicks off, now is the time to review your current website security strategy. It is important to ensure you’re well equipped to protect your customers’ data when cyber criminals attack.
October is Cyber Security Month and it’s a good excuse to assess your web applications and website security before the holiday season.
Few things pose as much risk as an attack aimed at your website. Consider the impact of data breaches to Target, Home Depot and, most recently, Experian and the American Bankers Association. It seems that not a week goes by without a new massive breach making headlines.
While organizations often think of protecting their network, website security is often overlooked, leaving a massive vulnerability open to exploitation. How can you ensure your web applications and website are safe? Use these five tips to make sure your security is where it needs to be:
Don’t you love the feeling of customer inquiries in your morning inbox? So much interest in your site! You look closer at the emails and find they’re all from Michael – Michael Jordan, Michael Kors, Michael Vuitton – well, Louis Vuitton, but you get the point. Somehow, spambots found your form and blindly barraged your inbox with handbag and sneaker spam, or worse, adult content. How do you, a busy business owner, stop the spam while allowing legitimate requests? The good news is that you have a couple options – one is easy and the other, even easier.
Data breaches are fairly common occurrences these days – in 2014 alone, nearly half (43%) of all companies experienced a cyber attack. Even worse, most data breaches take weeks or even months to discover, which can have devastating effects on a business since the average cost of a compromised record is more than $194.
What can businesses do to prepare for and mitigate the inevitable cyber attack? Check out what Neill Feather, president of SiteLock, recently wrote in an article on Smart Data Collective to help businesses put the proper recovery and response plans in place.
We teach our kids not to share anything on the internet that they wouldn’t want their grandmothers to see. We tell our employees to be mindful of private information shared via email. But are we really doing all we can to protect this method of conversation?
Cybersecurity And Your Emails
There are over 204 million emails sent each minute, yet email is one of the most overlooked technologies when it comes to cyber security. A recent study by Domo showed more than 53% of employees receive unencrypted and risky corporate data through email or an attachment. How can we help ensure that the information we’re interacting with is secure?
What Is PGP Encryption?
PGP, which stands for Pretty Good Privacy, is a great first step. PGP works by encrypting email between two people who each have unique digital fingerprints known as PGP keys.
Please read the following post with this notion in mind: DoS doesn’t refer to the classic operating system, nor is DDoS a “Different” version of this system.
DoS and DDoS are two common types of cyber attacks that can block legitimate users from getting access to your website. Both attacks can cause companies to lose millions of dollars in just a few hours. According to Incapsula, the average cost of a successful DDoS attack is $500,000. Although these two attacks look similar and both have damaging financial consequences, the difference between them is more than just the letter “D.”
A Denial-of-Service attack (DoS attack) is a type of cyber attack executed from a single server or a home network. It can compromise your website in the following ways:
Consider this scenario: You’re the VP of IT for an insurance company. It’s 4 a.m. and you receive a frantic phone call from your CEO who informs you that sensitive client information (credit card numbers, SSNs) has been leaked. Completely stunned, you look for answers. Turns out someone injected a line of malicious script into your website source code… nearly two months ago.
A recent report from PandaLabs suggests that “there were twice as many malware infections in 2014 compared to 2013” and that 2015 could be even worse. Today’s attacks are becoming increasingly sophisticated, and a simple malware injection can compromise your entire database.
One of the most effective and efficient ways to prevent attacks is by employing a type of website scanner. Website scan tools run in the background and can immediately identify malware and vulnerabilities, but not all scanners are created equal. External malware scanners crawl each page of a site, much like a search engine, and look for malicious links or script, while internal malware scanners download a site’s source code and analyze each line looking for the signatures of malicious code. Finally, penetration testing scanners manipulate URLs and forms to attempt to exploit weaknesses in code.
- Identify malware and receive notifications if issues are found, helping keep your information secured and your website from being blacklisted
- Automatic remediation of known threats
- Ensure network security by checking ports on your server to make sure only appropriate visitors gain access to your website
- Monitor FTP and file change to provide you with full visibility of website changes
- Protect your database from SQL injections by probing your website for weaknesses
Companies should be cautious when making purchase decisions for a scanning product as poorly performed scans can negatively impact your site’s ability to conduct business. For instance, some scanners submit thousands of requests to web forms – such as contact forms – to probe for weaknesses. Similarly, poorly designed vulnerability tests can spam your inbox with testing emails and impact the performance of your website due to unnecessary load (similar to DDoS).
SiteLock INFINITY is a safe and efficient solution that provides well-designed and continuous scanning, including the only automatic detection and removal in the industry. For an added layer of security, the SiteLock TrueShield Web Application Firewall (WAF) prevents malicious traffic from even getting in. Active website scanning tools and a WAF will help mitigate cyber attacks, and more importantly, protect your customers’ valuable data. For more information on integrating these solutions into your existing website call 855.378.6200.
If you think that DDoS attacks are just a problem for the big guys, a new study might change your mind. The recently published DDoS Impact Survey found that nearly one in every two companies, regardless of size, were victims of a Distributed Denial of Service attack. The average cost of a DDoS attack ran to around $40,000 for every hour the attack lasted.
The authors of the survey spoke to nearly 300 North American companies, ranging in size from 250 employees to more than 10,000. The responses were very troubling:
If businesses are to survive the growing threat of DDoS (Distributed Denial of Service) attacks, then DDoS protection must evolve quickly and respond even faster. Hackers have no shortage of options when it comes to launching DDoS attacks. In early October, Akamai warned that hackers are now targeting Universal Plug and Play devices, or UPnP, to launch their attacks. The firm estimated that there were more than 4 million UPnP devices, from home routers to web cams, that were vulnerable to being conscripted by hackers to launch devastating DDoS attacks.
Who would consider the possibility of a USB exploit? Whether it’s malware prevention, detection, or removal, the sneaky critters are now getting so clever the challenge of dealing with them just seems to get harder. And sometimes people just get in the way.
You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.
Story Of A USB Exploit
A couple of months back, a fellow security hack told me the story of a simple but effective way hackers had found to break into a business simply by exploiting the curiosity of a CEO.