Websites experience 22 cyberattacks per day on average. That’s more than 8,000 attacks per year, per website. You might assume the majority of these attacks are aimed at eCommerce sites because they accept and store credit card information, but actually, the eCommerce sector accounts for only one percent of compromised websites.
Many website owners, especially small businesses, don’t realize their site is a target for malicious cyberattacks. As a result, most don’t think they need website security. Instead, they rely on “security by obscurity,” which implies that the less popular and attention grabbing the website, the less likely it is to be compromised.
The truth is, there’s no such thing as “too small to hack.” Any business that has a website, regardless of number of features or amount of traffic, will always be at risk of cyber threats.
What Are Cybercriminals After?
Many people think website defacements are the main reason their sites gets hacked. A defacement is like electronic graffiti, in which cybercriminals will change the visual appearance of a site. In actuality, only two percent of hacked websites are defaced, as most cybercriminals work under the radar so they can disguise their attacks.
What cybercriminals really want are your website’s resources, like bandwidth, traffic, customer data and email addresses. To get this information, they’ll target sites you might not expect, such as blogs, small businesses and non-profits.
Why Would a Cybercriminal Target a Blog?
A small blog might seem like a random target, but not to cybercriminals. They will take advantage of a blog’s comment section to insert spam links, steal traffic and bandwidth.
SEO Spam – Cybercriminals use SEO spam to boost their search engine rankings by inserting backlinks and spam content on websites.
- 21% of hacked websites are infected with SEO spam.
Steal Traffic – Hackers steal web traffic for their own benefit. For example, they will send traffic to pharmaceutical sites in hopes of making a profit.
- 21% of websites owners experience traffic stolen from their sites.
Steal Bandwidth or Computing Resources – Cybercriminals steal bandwidth to aid in sending automated attacks.
- 6% of website owners have resources stolen from their sites.
Why Would a Cybercriminal Target a Small Business?
You might not expect your information to be stolen from a small business’s website because the brand might not be that well known. However, many small business sites are not actively managed, making them ideal targets. Hackers will take matters into their own hands and use shell programs to gain control of the site.
Shell Programs – Shell programs give hackers the control of a website’s files and the ability to administer a website.
- 39% of hacked websites are infected by shell programs, which gives the hacker control of a site’s files.
Why Would a Cybercriminal Target a Non-Profit?
Would you be surprised to find out that a non-profit’s website had been hacked? Non-profit sites store donor information, which cybercriminals will try to access by using a backdoor file.
Backdoor files – Cybercriminals use backdoor files to sneak into websites and steal customer data.
- 73% of hacked websites are infected with backdoor files, which provide access to sensitive customer data, like credit card info or email addresses.
Don’t Rely on Security by Obscurity: Be Certain Your Website is Secure
Obscurity should never be your only security defense. Assume that a cybercriminal is always targeting your website, because likely they are.
Scan for Clarity
Use a website scanner to find SEO spam, vulnerabilities and malware on your website or blog. Be sure to use a scanner that can automatically remove the malware from your site.
Use a web application firewall (WAF) to help protect your site from bad bots and other malicious traffic. A WAF can differentiate human traffic from bot traffic, allowing only good traffic to enter the site. It can also help prevent hackers from uploading files or changing a site’s content.
Have a Back-up
Make sure to do frequent backups on your website. Website attacks can destroy site content, so backups are crucial to recovering damage.
To learn more about the website security products available to you, check out our cloud-based website security product portfolio or call our experts at 855-378-6200. We are available 24/7 to help!
*This data is based on the SiteLock® database of over six million websites as of March 2017.