[BreachExchange] 5 Website Security Myths You Should Know About
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Mar 6 18:52:47 EST 2018
http://www.webdeveloperjuice.com/2018/03/06/5-website-security-myths-know/
Businesses today are getting increasingly dependent on their websites. They
use websites to drum up a new business, or sell things, or position
themselves in their industry. Websites are often in the center of digital
communications strategies. They are also the part of the business that is
facing the public. As such, websites face exposure to various threats.
In the United States alone, every day brings another 4,000 ransomware
attacks. And that’s just ransomware —many other security attacks happen
daily. Your website is a target, just by the fact that it is online. And
while using professional web design services will go a long way in
bettering your website’s performance, it will do little to address some
security issues your website has. The most devastating of these issues are
your misconceptions about website security. Let us bust a couple of common
security myths and make you aware of the things lining up against you.
Small Businesses Are Safe
So maybe there is no such thing as being safe online. But there has to be a
difference between attack rates on big corporations and the attack rates on
small businesses. There is not that much to steal from small businesses, so
why should any hacker bother?
It turns out there are plenty of reasons. If there were not, we would not
see the numbers that show that 61% of cyber attacks in 2017 hit small
businesses. The scariest part is knowing that hackers are increasingly
turning to targeting small businesses. Year after year, we are seeing the
share of small business attacks grow, while the share of big business
attacks shrinks. The “we’re too small to count” belief is a myth. Hackers
do not care, and being a small business makes you an even better target.
We Don’t Work with Credit Cards so We’re Not a Target
Hackers are mostly targeting businesses that require customers to use
credit cards online. They are in it for the money, after all. There is no
reason to attack a website of a business that is not an online store.
All of that would be true if everything hackers wanted were credit card
numbers. But it isn’t everything hackers want. They want whatever they can
take. They can breach your website and freeze your entire tech until you
pay them — that is called a ransomware attack. Some breaches take over your
assets and use them in DDoS attacks. Mostly, hackers are looking for any
kind of information they might find useful, and that includes more things
than just credit card numbers.
SSL and Antivirus Will Keep Us Safe
There are useful software solutions that defend websites from attacks.
Antivirus and antimalware software are two of them. A secure connection
will protect all the information we exchange with website visitors. As far
as we are concerned, our website is completely safe.
Antivirus and antimalware solutions are very important, and so is SSL. But
between the three of them, they will not fend off every possible type of
attack. If a hacker really wants to access your website, they might go
through your employers, try to get their passwords, and then use them to
access your website. So no matter how important it is to have security
software and enable a secure connection, they will not cover all of the
bases.
All of Our Data is Backed Up
In case something bad happens, it is handy to have a complete backup of the
website and all of its data. That way, even if someone hacks into our
website and brings it down, we will not suffer much. They cannot take away
that data we backed up.
This type of defense might be effective against a ransomware attack. You
can simply tell the extortionist that they can go ahead and delete your
data because your backup is safe. But this will not protect you from other
types of attacks. And it does not mean that the data in your backup cannot
be poisoned.
Data Encryption and Strong Passwords Are Foolproof
It’s extremely hard to decrypt encrypted data. And long passwords with a
mix of numbers, special characters, and lower and uppercase letters are
very strong. There is no way a hacker would be able to bypass the passwords
or decrypt the data.
Everything that is encrypted can be decrypted. The strength of the
encryption determines how difficult it is to decrypt. The more difficult
the decryption, the less economical it gets for hackers to try to break it.
Encryption is useful only if it is the strongest encryption available.
Strong passwords can also make it too time-consuming for hackers to try to
break them. However, they have a workaround for passwords — the people who
use them. Strong passwords are only strong if few people know them.
The best way to protect your website is to implement as many security
features as possible. No single solution is good enough to cover every
possible line of attack. Having a strong combination of security measures
is time-consuming, tedious, and expensive. But it is the only way to keep
your website safe and secure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180306/6ebcd560/attachment.html>
More information about the BreachExchange
mailing list