All organizations that have some form of IT infrastructure, especially public-facing ones, such as websites and apps, will need better security measures to safeguard their data and that of their users. So whether you run a small business or a large enterprise,you should be aware of what attacks place you at most risk.
Here are the top three threats online services face and some ideas on how to deal with them:
Distributed denial-of-service attacks (DDoS) overwhelm your network or server with massive volumes of traffic in order to render it inaccessible to you and your users. 2016 saw DDoS attacks break records in the amount of bandwidth used to take down networks. It is now possible to launch terabit-per-second (Tbps) attacks mostly through compromised network devices. Even connected devices like webcams can be used as attack vectors.
Such DDoS attacks were massive enough to take out service providers like Dyn whose network serves top websites like Twitter, Netflix, and The New York Times. Dyn’s downtime also caused interruptions for these services.
According to security provider Incapsula, a DDoS attack can coste-commerce sites $40,000 for each hour of downtime (Source). For businesses that use servers for collaboration and communication, a DDoS attack can also result in loss of productivity.Many DDoS attacks also serve as a smoke screen for other malicious activity, such as implanting your server with malware or stealing your data.
2016 was a ripe year for data breaches. Perhaps among the most publicized one was Yahoo!’s disclosure of a security breach from 2014 that affected a billion user accounts. Even financial institutions and political groups were not safe from getting people’s records stolen due to poor security.
Stolen records still fetch a good amount of money in the black market, so any website or service that stores user information can be a prime target for attackers.For a sizable company, a data breach can entail massive costs. An IBM study places each stolen record to cost $158 so for a database containing customer data – a breach can have an impact of a millions of dollars for a big enterprise.
Brands that experience data breaches also suffer from damaged reputations that can be hard to fix. Dating website Ashley Madison continues to face issues and legal action after its client data was leaked in 2015.
While ransomware attacks aren’t getting much news mileage, these continue to be regarded as top threats. Ransomware are malware that encrypt files in a computer, server, or even a whole network rendering them inaccessible.Files may only be recovered if you pay the ransom. Unfortunately, small businesses and even individual users are often the targets of ransomware due to lax or absent security.
Computers are often infected when users inadvertently install software from phishing sites. Servers can also be attacked through unpatched vulnerabilities.Trend Micro says that the average ransom asked by attackers is £540, but some organizations report being asked thousands of dollars to decrypt their files. Ransom is usually demanded in Bitcoin, which makes it difficult to trace or know the identities of attackers. There is also no assurance that victims get their data back if ever they do pay.
Dealing with threats
There are several security measures site and service owners can take to lessen the risk from these cyberattacks.
Doing a security audit of risk areas should be the first step. If you have a website, check if your webhosting provider provides protection on their end. You can subscribe to DDoS prevention services that can filter bad bots from consuming your site’s bandwidth.Always update your content management system, themes, and plugins that you may be using. Disable and delete old and unsupported add-ons.
If your website accepts login information or customer data, make sure to encrypt passwords and payment information. Use SSL to encrypt data transmission. Protect the user accounts that have administrator access to your control panel and databases. Deploying a web application firewall (WAF)also helps to screen and block malicious traffic and protect areas of your website or service from unauthorized access. Incapsula’sWeb Application Firewall also provides two-factor authentication that adds another layer of verification, in case your administrator accounts get compromised.
The human element is critical to any security policy. Educate staff on responsible use of computing resources. Teach them on how to identify phishing links in sites and emails and to avoid installing software from unauthorized or unknown sources. If you provide a company email, consider using a cloud-based email provider rather than bundled web host email, since dedicated providers like Gmail have more advanced security features to screen out spam and malware attachments.
Be safe than sorry
The effect of cyberattacks can cripple businesses of all sizes. With cybercriminals being indiscriminate on who they attack, even small ventures are at risk. The costs are even significant enough to stymie growth or even put you out of business. So, if your business has anything that relies on the web, make security a priority.