Our most recent cybersecurity research is now available in the “Cybersecurity Trends in 2019: Protecting Websites in the Age of Stealth Attacks” report. In it, we identified the trends, threats, and innovations in cybercrime that small businesses need to know about in order to keep their websites secure. We also look to the future, taking a good hard look at what last year’s lessons will mean moving forward.
To compile this cybersecurity industry report, we analyzed 6 million individual websites using an algorithm our team developed to evaluate website vulnerability. The goal was to identify attack patterns and risk factors based on the types of vulnerabilities present in websites and the types of attacks today’s hackers deploy. The result is a comprehensive report that offers website administrators important insights into online security.
The Biggest Cybersecurity Trends of 2018
Throughout 2018, per-day website attack attempts increased by just about 60%, peaking at 80 attacks and averaging at 62 attacks. What does this mean? More than likely, hackers are using automation in order to deploy more attacks with a broader reach.
Although cybersecurity threats may be more aggressive, our research suggests that they’re not necessarily more effective. Even as the number of attacks rose, only 60,000 sites in our sample were actually compromised — which is comparable to our 2017 findings. So while hackers are deploying more attacks, website security tools are getting better at combating them.
At the beginning of last year, many predicted that cryptocurrency mining would be one of the year’s biggest cybersecurity risks. More than half the malware attacks we studied utilized at least one backdoor file, which gives hackers constant back-end access to a website. These types of covert attacks are particularly troubling because they’re hard to spot early and eliminate quickly.
Another interesting trend we discovered is that even though attacks are on the rise, search engines are blacklisting 4% fewer websites. Unnecessary blacklisting has drawn the ire of website owners in the past, which has probably motivated search engines to take a slightly more cautious approach. In fact, only around 15% of malware-infected sites were blacklisted in 2018.
This means that website owners shouldn’t assume search engines will alert them when they’ve been attacked. Rather, the responsibility to monitor and protect against cybersecurity risks belongs to the website owner. This is one of many lessons from 2018 that will apply throughout 2019.
Cybersecurity Takeaways for 2019
Based on our 2018 observations, we have some well-informed cybersecurity predictions for the remainder of the year.
For one thing, we expect to see a continued decrease in the amount of crypto-related cybersecurity threats. For all intents and purposes, the crypto bubble has burst. As this asset becomes less appealing to investors, it becomes less appealing to hackers, too.
We also predict a similar decrease in “noisy” attacks like SEO spam and redirects. These types of attacks rely on large numbers of files, making them more likely to be detected by malware filters or security-savvy internet users. The combination of smarter technologies and better security training is making life a lot harder for hackers.
However, don’t expect them to be completely deterred. Instead, hackers will find more sophisticated ways of flying under the radar using “lean” attacks that malware filters and search engine monitors can’t detect. In the absence of an overarching security infrastructure, it’s up to website owners to take full responsibility for their online security.
Protecting Your Website Into the Future
With that in mind, here are some simple strategies designed to confront the most urgent cybersecurity threats of 2019:
- Make it a policy to choose unique usernames and strong passwords. Make sure you change them on a regular schedule.
- Use a malware scanner to automatically search your website from the inside out on a daily basis. If malware is discovered, it should also be automatically mitigated.
- Block malicious incoming traffic using a website application firewall. Make sure the firewall rules are updated regularly to reflect the latest cybersecurity trends.
- Remove any unnecessary or outdated plug-ins. At the same time, ensure all necessary plug-ins, updates, and patches are installed if you’re running on a content management system.
- Choose open-source applications based on when the last security update was applied. The more recent, the better.
- Audit these action items on a quarterly basis, including all the internal files. Pay particular attention to files with unusual names or content.
Prioritizing website security alone is not enough. If sites are going to be truly safe, website owners need to adapt their security strategies to the needs of today and tomorrow. Stay on top of cybersecurity trends to keep your security on the cutting edge.
Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.