Every business, whether large or small, needs to have a customer-facing website these days, and in the past twelve months Australians spent $17.5 billion on online retail sales. In fact, according to Avast Software, online shopping is Australia’s number one online activity, social media, banking and emailing…before we get down to adult content, illegal torrent sites and checking the weather forecasts, which are also in the top ten.
While this level of online activity is great for commerce in Australia, it also brings with it a host of problems – potentially very damaging ones. Companies and web developers know that a website needs security, but many business owners do not understand the depth of online threats that exist, and the ever-evolving complexity of attacks.
Regardless of whether a website sells directly to the public, or simply exists as a tool to host marketing information and contact details, an attack can be disastrous to business credibility and continuity. Imagine a client happily selling from the web one minute, then having to contact an entire customer base and explain that their security has been compromised. Payment details may have fallen into the hands of criminals, a foreign entity may be blackmailing the company or perhaps there has been a malicious attack and sales can’t continue as the online inventory is down.
Such a large target as Australia’s online business will inevitably be tempting to all manner of cyber criminals, and the sophistication of today’s hackers makes websites increasingly vulnerable. Most websites have a basic level of protection, usually in the form of a firewall at the domain of their host. However, a firewall is often a poor defence against modern attacks, leaving websites open to theft and fraud, which is severely damaging to a company’s reputation and business.
Attacks can take many forms, and are constantly evolving in size, scope and complexity. DoS or Denial of Service attacks are designed to disable a network or a network resource by consuming available resources and thus disabling legitimate user access. There are two general forms of DoS attacks: those that crash services and those that flood services so that normal business operations cannot continue.
Ransomware is the terminology used for software that infects a victim’s network, and then demands a ransom in order for hackers to unlock it. Cryptoware and Cryptolocker are two common examples of this form of attack.
Another form of cybercrime is the ‘waterhole attack’, where the attacker will gather strategic information about a business, such as trusted websites often visited by employees, then insert an exploit into the selected site. Victims will visit the compromised site and unintentionally download malware such as Remote Access Trojans, allowing the attacker access to confidential information or to take control of vulnerable systems.
Phishing, identity theft, triangulation attacks, botnets, zero-day attacks – there are many more dangers lurking in the cyber world, and Australian businesses need to be vigilant in order to stop them. A plan, a top-line defence and a strategy for reporting potential hazards to the authorities are all essential in order to preserve a stable business and customer trust.
Imagine what an attack could do to your business. Aside from leaving customers open to potential credit card and identity theft, the very fact that your resources were attacked could be very damaging to the company’s reputation. Being the source of a damaging and debilitating attack could cause endless headaches, and take a long time to recover from.
When focusing on protecting a website it is important to recognise that all sites are different. A business website can be as simple as a single static HTML page with no dependencies, through to complex sites utilising multiple operating systems and software applications working in synergy with each other.
A firewall working alone is simply not enough protection these days. Businesses in Australia need a security plan, some basic form of risk assessment, a strong, dedicated online security provider and a means of telling the proper authorities when an attempted attack takes place.
There are some excellent, reasonably-priced internet security companies these days, some of which are free. This does not necessarily mean they are ‘cheap and nasty’ products, as some companies make a whole lot of money from external and third-party companies, without needing to charge small business owners.
Mobile security is also a consideration, with recent Google figures reporting that consumers spend up to fifteen hours per week browsing online on a mobile device for goods and services. If that mobile links back to a business, it can introduce a virus or other threat just as quickly as a desktop PC can. There are more and more mobile security providers coming into the market, and mobile should definitely be part of a company’s security plan.
A Managed Security Services Provider (MSSP) can often offer greater protection to a business, as well as providing valuable reports on where attacks are coming from. With the dangers becoming ever more sophisticated, risking business continuity by leaving things to chance simply isn’t a wise option any more.
Guard against attack…by planning ahead
- Educate yourself and users of the potential risks
- Understand your responsibilities
- Monitor and manage any potential incursions
- Implement strong password and encryption technologies
- Invest in Tier 1 security tools and systems to protect your site
- Work with security focused service providers
- Report any incursions promptly to the correct authorities
Luke Frost is a professional writer, and director of Sydney-based communications consultancy PR Deadlines, who specialise in providing meaningful content to all aspects of the IT industry in Australia and New Zealand. www.prdeadlines.com.au