The Secret Life of Websites, a SiteLock Website Security Insider (Q1 2018) Report Published This Month, Gives Insights into Website Security and Much More
The Cambridge Analytica data breach turned out to be just the tip of the iceberg. After Facebook, Panera Bread, MyFitnessPal and other big enterprises and brands kept the talk around data privacy going. Turns out, you don’t have to be a big name in the market in order to face cybersecurity issues. The SiteLock Website Security Insider (Q1 2018) analyzed data from over 10 million websites to pinpoint the threats website owners need to be aware of.
The study found that website attacks increased by 14 percent in Q1 2018 compared to Q4 2017 as cybercriminals set their sights on independent websites and small businesses. A successful attack can result in a loss of revenue, a drop in traffic, and damage to the business or website’s reputation.
Cybersecurity expert Jessica Ortega analyzed this data for the most up-to-date insights on website attacks. The SiteLock Website Security Insider Q1 2018 examines the trends, vulnerabilities, and risk factors that cause small business websites to be the target of cyber attacks.
Here are some of the key findings of the study:
Size does not matter
“Cybersecurity experts often advise businesses to assume that they will be attacked at some point,” says Ortega, adding, “It’s a safe assumption to make, given that the average website experienced a shocking 50 attacks per day on average in Q1 2018. It’s alarming how many small businesses don’t have security measures in place to prevent these attacks from being successful when they can be easily implemented.”
In Q1 2018, SiteLock surveyed over 250 website owners to assess their knowledge and what they fear most about website security.
- 78% of respondents reported being knowledgeable in website security.
- 14% of respondents reported that they had never updated their website application or did not know how.
- 4% of website owners surveyed were unsure if their website had ever been compromised. Of those that did report a cyber attack on their website, 36% reported that the incident caused lost revenue and harmed their bottom line.
- 42% of respondents also reported that their biggest website security fear was a defacement, indicating a lack of awareness that the quieter and stealthier malware attacks are just as, if not more, damaging.
Beware of bots
If you see a sudden spike in website traffic, it could be a sign of successful marketing, but it could also mean visits from malicious bots. While some bots are good, like the ones that index your website for Google, there are bad bots that probe your site for vulnerabilities through which it can be infiltrated by malware.
SiteLock examined over 60,000 sites protected by a web application firewall (WAF) to analyze trends amongst would-be attackers. The results were startling—on a weekly basis, more than 141 million visits to these websites were from malicious or suspicious bots. In fact, bad bots accounted for 88% of traffic stopped by the firewall.
Additionally, SiteLock found that the firewall blocked over 773,000 threats on a weekly basis, including attempted SQLi and XSS attacks. These threats mean that websites experienced an average of 50 attacks per day in Q1 2018.
CMS, patches and plugins, what’s good?
While website vulnerabilities do not exclusively impact open source CMS applications, the continued rise in popularity of these applications means their security flaws are more publicized than ever before. SiteLock examined 1.9 million websites using content management systems to determine how likely they were to be compromised, as well as the factors that put them at increased risk.
On average, CMS websites were found to be approximately twice as likely to be compromised as sites that do not use a content management system. While out-of-date applications are a likely reason for the increased risk, they were not the only risk factor.
- Among WordPress sites, nearly half (48%) of infected sites were running the latest core security updates at the time of compromise.
- Among Joomla! sites that had malicious content, 18% were running the latest core updates.
- Interestingly, the number of up-to-date Drupal sites doubled from 18% in Q4 2017 to 36% in Q1 2018. This is most likely due to Drupal releasing multiple updates and public service announcements for the critical Drupalgeddon2 vulnerability.
Popularity isn’t always good
As social media becomes the communication channel of choice for more consumers, traditional attack tools are being adapted for use in an increasingly connected world. For instance, phishing has moved beyond the realm of email and website attacks into social media messenger systems.
While social media has its risks, there are easy steps that can be taken to mitigate your risk, such as avoiding sharing content from unfamiliar sources and not reusing passwords.
It’s time for ‘Constant Vigilance!’
You can keep your website secure without breaking the bank by:
- Remaining vigilant. Keep an eye on cybersecurity news and trends.
- Planning ahead. Know what to do in the event of a cyber attack.
- Implementing a web application firewall (WAF) to filter out malicious and bot traffic.
- Using two-factor authentication whenever possible. Adding another layer of security to your passwords can help keep cybercriminals out.
- Knowing your risk of a compromise and following the best practices of securing your website can help you proactively protect your website, small business, and—most importantly—your site’s visitors.