Breaking news: No website is too small to hide from a cyberattack.
Enterprises and big brands may receive unwanted publicity for cyberattacks and data breaches, but smaller doesn’t mean safer. In fact, website attacks increased 14 percent in Q1 2018 compared to Q4 2017 as cybercriminals set their sights on independent websites and small businesses. A successful attack can result in a loss of revenue, a drop in traffic, and damage to the business or website’s reputation. The good news is? There are easy and effective ways website owners can protect their sites and reduce their risk. Knowing what you’re up against is the first step to creating a safe experience for your website and visitors.
The SiteLock Website Security Insider Q1 2018 analyzes data from over 10 million websites to pinpoint the threats website owners need to be aware of. As a new feature to the report, SiteLock surveyed 250 website owners to assess their knowledge and preparedness of cybersecurity. Below are some of the key findings and first steps to securing your website. For more insights and actionable advice for all website owners, download the full report.
Website attacks increased 14 percent from Q4 2017 to Q1 2018, confirming that a cyberattack could happen at any time.
“Cybersecurity experts often advise businesses to assume they will be attacked at some point,” says SiteLock cybersecurity expert Jessica Ortega. “It’s a safe assumption to make, given that the average website experienced a shocking 50 attacks per day on average in Q1 2018. It’s alarming how many small businesses don’t have security measures in place to prevent these attacks from being successful when they can be easily implemented.”
Even more alarming, a large number of these cyberattacks are targeting websites’ visitors. This means customers are in the crosshairs as cybercriminals exploit them for personal information, mining cryptocurrency, or manipulating search engine rankings.
How can you begin to protect your website and your customers from cyberattacks? It’s actually quite simple – be prepared for when they do happen. Start by identifying a point of contact who can help communicate a cyber incident to customers and internal teams. “Having a plan for how to handle a cybersecurity incident can mean the difference between life and death for a small business,” says Jessica. “In fact, of website owners surveyed who had a security incident, 37% reported that the attack damaged their profits. To prevent any losses, it’s critical that small businesses build website security into their budget. Fortunately, there are affordable options suited to businesses of any size.”
You can also prepare by learning about the common risks of owning a website, no matter how big or small.
High traffic and a large social media following can be signs of success for a small business, but even popularity can have disadvantages.
A sudden increase in website traffic could be a sign of successful marketing, but it could also mean visits from malicious bots. Some bots are good, like the ones that index your website for Google, but bad bots can look for vulnerabilities in your site that can be infiltrated by malware. Bad bots were so active in Q1 2018 that malicious bot traffic made up 88 percent of all traffic blocked by the SiteLock Web Application Firewall (WAF). That adds up to over 141 million malicious bot visits per week.
Additionally, cybercriminals may be using your social media accounts to identify you as a target. Sites that link to social media were found to be two times more likely to be infected than sites that don’t. Social media sites have become a new launchpad for cybercriminal activity as traditional attacks are adapted for use on these platforms. For example, phishing attacks can now occur in social media messaging applications, and malware can be spread by sharing malicious posts. However, this is no reason to shut down your online presence.
“The risks associated with websites and social media can be intimidating for those new to the topic of website security. However, these platforms are extremely valuable for your business, and there’s no reason to stop using them as long as you do so carefully,” Jessica says. “By using easily implemented security measures, like a WAF to filter out bad traffic in addition to being hyper aware of how your information is shared on social media, you can safely navigate these risks and grow your business.”
While small data breaches and website attacks rarely get mainstream media attention, they are extremely common and no less devastating. With websites experiencing an average of 50 attacks per day, no website is “too small to hack.” 60 percent of those who had experienced a cyberattack reported that it was a malware infection. This indicates a clear need for stronger website security and easily accessible information about the risks the average website owner faces.
“As cyberattacks become more sophisticated, small businesses will need to keep up by taking a proactive, holistic approach to website security,” says Jessica. “Unfortunately there’s no such thing as a no-risk website – it’s inherently risky. But with the right precautions in place, like implementing a WAF to keep out malicious traffic and creating a response plan, it is easy to protect your website from cybercriminals. Being aware of the risks and potential for attacks is just the beginning.”
More actionable advice, as well as in-depth threat analysis, is available in the full report. Download the SiteLock Website Security Insider Q1 2018 to learn more.