When the Federal government starts rolling out legislation that requires all federal websites to make sure they’re a secure place to visit, it’s worth speculating whether regulating business websites for the same purpose might not be very far behind.
The Safe and Secure Federal Websites Act was first introduced as a bill in 2013 and was finally passed into law in July of this year. The law requires that any federal agency that launches a new website, or that has launched any website since 2012, has to certify that those websites are safe.
The act requires that these agencies take a variety of precautions to protect visitors to their websites, and any information those visitors share. That information includes the obvious, like a person’s name, date of birth, and Social Security Number. But even more broadly it also includes “any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”
So why could this act be a harbinger of things to come for business websites? Apart from the fact that it’s one of the first pieces of legislation focused just on website security, it may be a recognition that poorly protected websites may now be providing the greatest amount of fuel and currency for cybercriminals.
Malware is now the favorite weapon for all kinds of attackers, from state sponsored cyber war, to industrial espionage, fraud, identity theft and just about any other cybercrime you can think of.
For years, the easiest way to distribute malware was by email. Email is cheap, and thanks to spammers and hackers it’s very easy and affordable to purchase and spam tens of millions of email addresses at a time.
But as companies got better at filtering out email-borne malware, and users learned to become more suspicious of email attachments, the attackers had to find other ways to spread their malware cheaply. That’s when they turned to unprotected websites.
Today these sites are referred to as watering holes and the main source of drive-by downloads – infecting the computers and devices of visitors who simply drop by the website. It’s estimated that more than 10,000 websites are turned into watering holes every single day, and most of these are the websites of smaller businesses.
And the main attack vector for hackers is mistakes made by the website owners. Websites can often be busy and complicated, and most business owners don’t have the time or skills to constantly walk the perimeter checking for any security gaps.
So if malware is the biggest cyber threat, and poorly protected websites are the favorite distribution channel, it’s not a stretch to speculate that at some point, sooner than later, the Feds are going to consider website security too big a threat to be voluntary. It’s not unlike the evolution of car insurance, to protect both the driver of the car and any innocent third parties that the driver might come into contact with daily.
But security shouldn’t wait for security to become compulsory, especially when website security solutions such as those offered by SiteLock help you prevent the costs associated with a data breach, and even increase website performance and SEO while they’re at it. Contact SiteLock today to get started.
Google Author: Neal O’Farrell