Cyber Threats that Might Compromise Your Company's Website - and How to Stay Protected
Running a company nowadays inevitably includes online presence in various forms - online advertising, social media accounts - and of course a website. But with great potential come great risks, too - more elaborate and widespread cyber attacks have been targeting enterprises lately, trying to extort funds and devastating stakeholders worldwide. The Petya ransomware attack in late June affected around 2,000 computers and crippled companies across Europe, the USA and the Middle East, including British advertising giant WPP and transport and logistics company Maersk, demanding $300 (£235) ransom in Bitcoin from each user.
Getting the Right Information Leads to the Right Protection
Against this landscape, it is crucial to get informed about online threats that might be lurking and protect your company's website and information system against them. A good place to start is making sure that both are covered against the most serious and common cyber risks, as outlined in the OWASP Top Ten Release Candidate. OWASP stands for Open Web Application Security Project, an open community of cybersecurity professionals that have joined forces to promote online security and provide practical and comprehensive information on application security. Every couple of years they publish a list with the most critical web application threats, helping individuals and organizations stay ahead of the game and identify the appropriate tools to guard against them.
OWASP features highly technical threats such as injection flaws (including SQL, OS, XXE, and LDAP injection), which occur when untrusted hostile data tricks an interpreter into executing unintended commands or accessing unauthorised information, and cross-site scripting (XSS), which allows hackers to execute scripts in the affected browser, resulting in hijacked user sessions or even redirecting users to malicious websites. After getting informed, it is time to choose the appropriate tools: for instance, a high quality web application firewall will protect against all of these threats. WAF for short, a firewall of this type puts in place several added layers of security policies between your web applications and incoming traffic in order to filter out malicious visitors and requests. It also eliminates the need for other threat mitigation solutions such as CAPTCHA prompts that can be time-consuming and frustrating for clients.
Personnel Awareness Is Key to Combating Ransomware Threats
Except for the right tools and software, the right people also play a crucial role in containing threats. Hiring cyber security and IT professionals is fundamental, but there is more to it. Employee awareness, or rather lack thereof, is perceived as one of the leading causes of ransomware infection, according to a 2016 survey. So getting the proper training available to your personnel -not just in the IT department, but across all fields- might just push your company to go that extra mile in terms of staying protected.
You will find more statistics at Statista
It is important to keep in mind that there is more at stake here than just funds and resources lost to retroactively combat attacks. A recent UK survey reveals that cyber attacks also damage a firm's reputation in general: 25% of consumers stated that nothing could restore their trust after a data breach, while 30% said they would change suppliers in case of a security incident. A further 28% explained that they would never consider a company that has fallen victim to an attack.
This is exactly why this is the type of research to which any entrepreneur cannot afford not to invest time and resources - simply because if you do come across a hacker attack, lack of proper cyber security will have devastating and long-lasting ramifications for both online and offline activities.
Join the Conversation