Many small website owners have been compromised by a cyber attack and don’t even know it. Most attacks remain undetected, due to the increasingly sophisticated and stealthy techniques used by modern-day data pirates, also known as hackers, as well as the low degree of security awareness commonplace among website owners, both large and small.
To better understand the nature of web server security, the following provides an overview of the types of cyber attacks along with some of the common myths held by website owners.
Cyber attacks come in three shapes: targeted, semi-targeted and untargeted attacks. In a targeted attack, the site hacked is the target and nothing else. Fortunately, these kinds of attacks are quite rare in the SMB sector, due to the complexity and time required to execute them. However, small business owners should not assume that because their company’s site is small they will get a “pass” on being compromised.
In semi-targeted attacks, a small business is not the intended target; however, it may be the most attractive key in executing an effective web server attack. If your web server is hosted in the same subnet of an attractively stocked datacenter (which it very likely is), you are vulnerable by association with larger company servers that may be the ultimate target of a hacker.
In web server attacks, hackers will follow the path of least resistance, meaning they will look for the web server (often of a small company) with the weakest link in the security chain, and use that to access a datacenter and all the servers it contains.
Encrypting passwords can be another false hope, because good hackers can backdoor access to your login and collect any desirable credentials in plaintext. If your website or server belongs to a country or mentions products or services on a hacker’s “wish list”, that may be all that is needed to pursue a semi-targeted attack of your website. Again, often it’s the small website or server that is the easiest to compromise.
For untargeted attacks, which are the most common today in the SMB sector, the draw is quantity over quality. Black Hats (hackers) pursue hacking as a business of widgets; one widget may fetch $1, but multiply that out and it can be a substantially lucrative stream of revenue, which is the principal motivation of these types of attacks.
The more detail a record has, the greater the asking and selling price can be, and again, given the difficulty and costliness of an attack on the biggest and the best in the e-commerce sphere, the ROI on hitting a slew of smaller players is substantially more attractive from a cost-benefit perspective.
If you think that your site is too obscure to be caught – think again. Robots comb the web continuously and these are used by hackers to seek and compromise the most vulnerable e-commerce sites on it. Web applications make very attractive prey for targeted, semi-targeted and untargeted attacks.
In fact, in the past three years alone, High-Tech Bridge Security Research Lab identified nearly 1,000 vulnerabilities within open-source and commercial web applications used by tens of millions of live websites. For these reasons, businesses must take a proactive stance to safeguard their data at rest as well as in the cloud and become as diligent in that pursuit as the would-be hacker or hacktivist.