Most Webmasters Struggle With Website Security
Stories about the latest exploits of Anonymous and its offshoots appear in the headlines almost once a week; distributed denial-of-service (DDoS) attacks are the group's claim to fame, and most of the cyber criminals' victims never see it coming. Of course, most midsized businesses won't find themselves the target of the hacktivist collective, but that doesn't mean that smaller organizations don't have other threats to be concerned about.
According to a recent report, however, organizations often fail to take the proper steps to secure their websites from hackers, and only a small percentage of webmasters detect issues on their own when a website has been compromised. Commtouch, a security firm, and StopBadware, a nonprofit organization aimed at protecting consumers from malicious software, surveyed over 600 website administrators whose websites had been hacked.
According to the survey, 68 percent of webmasters didn't even know how their websites were compromised. Of site owners who did know how the compromise occurred, 20 percent stated the caused was outdated website software or plug-ins. Twelve percent blamed malware infecting the computer that was used to update or access the website, and 6 percent had their administrative credentials stolen.
The vast majority of respondents didn't know that a compromise occurred until notified by a third party, and only six percent of website administrators detected the compromise after noticing increased or unexpected activity on the site. On top of that, once a compromise had been detected, about a quarter of respondents were unable to resolve the problem or didn't know what to do.
Although the report provides some insight into how website security is handled at some organizations, it unfortunately doesn't cover in depth the deleterious effects that hacking can have on a company. In reality, failing to secure a website from hackers can spell catastrophe for a business (as well as for its customers). Compromised websites often host malware or redirect viewers to another page--one usually containing malicious software. Employees visiting the hacked site can find their PCs infected, and the malware can spread to other workstations connected to the same network.
For organizations that use their websites to process client orders, hackers are an even greater danger, as cyber criminals could steal sensitive data from unsuspecting customers. Companies sometimes underestimate or aren't aware of the threats to their websites, but failing to follow best practices can have long-term effects. As stated above, Web administrators often fail to detect malicious activity on their own, and some struggle to resolve the issue once the breach has been detected.
Simple security measures can prevent malicious attacks. Organizations should keep their content management software (CMS) and plug-ins up to date and scan workstations for malware on a regular basis. Website administrators should create strong passwords and avoid using the same credentials across different platforms. Additionally, changes to the website should not be performed from a public computer or a PC logged into a public network.