Don’t expect alarms to go off when cybercriminals launch an attack. In fact, it’s just the opposite. What do cybercriminals want? Mostly to remain invisible. That’s why they make every effort to fly under the radar — and why attacks can go unnoticed for months or even years.
Take a recent cyber attack on Florida healthcare provider AdventHealth. The attack was discovered in February 2019 — a full year after cybercriminals gained access. Attackers used that lengthy window to steal the personal records of 50,000 patients and cover up the evidence of their crime.
Unfortunately, these types of attacks aren’t outliers. Some of the most common hacking techniques — SQL injections, CSRF, and XSS — are also the most subtle. They succeed because they avoid raising red flags and because they exploit easy vulnerabilities. In fact, 20% of all sites hosted on WordPress are vulnerable to at least one of these attacks.
Cybercriminals are becoming increasingly stealthy, but they’re not unstoppable. The first step to protecting your website is to be aware of cybersecurity threats and the possible consequences of an undetected attack.
The Cost of Overlooked Cyber Attacks for Small Businesses
Did you know it takes an average of 197 days to detect a data breach, then another 69 days to contain it? That’s almost nine months total. Containment times are directly related to the final costs. The Ponemon Institute calculated that the average cost of a cyber attack for companies that can stop a breach within 30 days is $3.09 million, and for those that take more than 30 days, that cost skyrockets to $4.25 million.
The cost of a cyber attack for small businesses specifically may not be quite so high, but the consequences can still be devastating. For most small businesses, the cost of a breach exceeds $100,000 — and that doesn’t even factor in the costs associated with rebuilding the brand’s reputation. Over 60% of visitors will not return to a website after an attack.
Compounding the problem, small and mid-sized businesses lack sophisticated defenses or expansive IT budgets, making cyber attacks more likely to be successful. For those same reasons, small businesses are less likely to notice the attack or know how to contain it quickly. Detecting cyber attacks immediately should be a priority, but the real goal is to prevent them in the first place.
How to Protect Your Small Business Against a Cyber Attack
When cybercriminals attacked AdventHealth, the company lacked internal security measures to alert someone about the breach. As a result, it went undetected for more than 16 months. To ensure that cyber attacks don’t fly under the radar, install automated website scanners to detect any abnormalities. This is the fastest, most effective way to find malware and other known security vulnerabilities on your site. As soon as you’re notified of a potential problem, you can investigate and prevent it from spreading further.
You can also automatically monitor and block bad traffic with a web application firewall. This will stop any unwanted visitors from accessing your website, which can prevent attackers from accessing your data in the first place.
Automated scanners and WAFs can catch a lot of attacks, but cybercriminals are always finding clever new ways to evade detection. Therefore, to protect your small business against a cyber attack, you must guard against the ones you can’t spot or stop. Encryption makes your data unreadable, even if someone gains access to your databases. The data becomes useless to attackers and effectively shuts down the attack.
This strategy only works, however, when all the data is encrypted. Facebook discovered why when it detected a system flaw that caused millions of users’ passwords to be stored in plain text. Thankfully, the data was never stolen but had attackers gained access, it would have been a historic breach. To avoid a similar outcome, be sure to encrypt all of your business’s data, even if it doesn’t seem particularly sensitive or valuable.
If there was a cyber attack hiding in your IT infrastructure, how would you know? If the answer is uncertain, the solution is to get serious about website security.
Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.