There is a clear distinction between being attacked and getting hacked: you are going to be the target of attackers, but whether or not they succeed is up to you.
It is inevitable that any business operating a website, be it an online store, blog, or service-based website, will be attacked. The cyberattack process is predictable: First, an attacker will attempt to find vulnerabilities in a website by manually testing functions or by using free tools to scan a site for vulnerabilities. After locating a vulnerability, the attacker will exploit the vulnerability either by placing malware on a website hosting server or by downloading and stealing information.
At this point, the website being attacked has been hacked.
Once a website is hacked, the disruption to business will appear quickly but vary in severity. Business disruptions as a result of being hacked may include but are not limited to:
Many owners of small to medium-sized businesses mistakenly assume their enterprise will escape the attention of online criminals. However, to some extent, these are the businesses under increased threat of security breaches. This is because owners of small to medium-sized businesses often use content management systems, such as WordPress, to efficiently and inexpensively establish a website without having to design a site from scratch.
While convenient, this widespread use of content management systems can create opportunities for cybercriminals. Currently, roughly 43% of all websites use WordPress as a content management system. Even though WordPress is constantly being updated and reviewed for security, plugins that extend the open-source project are frequently vulnerable and lack proper security features. Attackers know about these vulnerabilities and will scan hundreds of thousands of sites looking for them.
This is why small to medium-sized businesses need to be aware of common website vulnerabilities and attacks in order to best protect themselves and their customers. Attackers are not deliberately targeting you: they're looking for anyone they can find, and you need to make sure they don't find you.
What you can do …
While most businesses outsource the hosting and development of their websites, often the developer is chosen based on price or availability. Security can appear more expensive in the short term, but it’s cheaper in the long run: you will get attacked eventually, and it’s much cheaper to guard against it now than it is to fix it later. Most competent developers know how to develop securely, but often they need to know it’s also a priority for you.
Here are three questions to ask your developers about their security practices:
What more you can do …
In addition to seeking the above information, here are our recommendations to enhance the security of your website and protect your data. Following these recommendations will enable you to defend against most automated attacks and begin to defend against targeted attacks. Our next line of defence is to:
It is no surprise that the increased digitisation of business operations has prompted an increase in cybercrime. The benefit of having business websites publicly accessible 24/7 for customers and clients carries with it the drawback of being constantly probed and vulnerable to exploitation by cybercriminals. However, although attacks are inevitable, a successful hack can be prevented by being knowledgeable and prepared.
Pragma is a global Cyber Security and Regulatory Consulting firm that helps leading businesses, governments, and not-for-profit organisations strengthen cyber and regulatory resilience with a pragmatic approach.