2014 was a year of high-profile hacks for businesses around the world. From The Home Depot breach to the recent Sony data leak, it seemed like as soon as one data breach was under control, another one came to light.
This unfortunate trend wasn’t limited to large corporations, and many breaches eluded front-page news but still affected businesses around the world. Small to medium enterprises certainly aren’t immune from data breaches: web platforms also faced malware attacks this year, like the SoakSoak malware that hit WordPress sites, the attack on Drupal and the CryptoPHP backdoor that targeted HTML-based sites like Joomla.
In light of these events, a top priority for businesses will be securing their data in 2015. The bad news? Hackers won’t stop just because it’s the new year: recent hacks are representative of the digital age we live in, and accessibility comes at a price. The good news, though, is that security standards are also evolving to combat these hacks.
Perhaps the most important, yet often overlooked, asset to secure is a business’s website: 30,000 sites are infected with malware every day. Instead of gambling with security and hoping the next hack passes them over, businesses need to take a proactive approach to managing the security of their web presence. Here are the top three reasons why all businesses should reevaluate their web security standards in 2015.
1. Most attacks are aimed at web apps
The traditional school of thought surrounding enterprise security is to secure the organization’s network and PCs. In today’s cloud- and web-based environment, though, simply maintaining firewalls and running virus scans won’t protect against the majority of threats. In fact, 80% of attacks are aimed at web apps — and the threat environment is constantly evolving, with approximately 1 million malware strains introduced each week. The impact of these malware strains varies, but they do everything from destroying site functionality to stealing customer data.
2. Data attacks are accelerating
It isn’t a coincidence that we hear about data breaches more often these days. With the increased adoption of new technologies in the enterprise and a move to cloud-based systems, data attacks are occurring at an increasingly rapid rate.
There are a few reasons for this escalation of data attacks. The rise of open source software makes many sites more susceptible to damage (a prime example of this is the Heartbleed bug, uncovered in early 2014). The prevalence of CMS platforms makes websites dynamic — and a vulnerable target for hackers.
Finally, there’s just more data out there for hackers to take: web-based systems promote accessibility, but they also take sensitive information out of the hands of individual users and system administrators. Increased amounts of data coupled with flawed systems create the perfect storm, and protecting websites becomes challenging. Because of this, 83% of websites have some sort of vulnerability; it’s not a question of if an attack will happen, it’s when.
3. Hackers are becoming more sophisticated
Those million strains of malware are coming from somewhere — hackers. They might seem elusive, but the truth is they’re systematic, and reacting to an ever-changing threat environment. This is creating a landscape of sophisticated hacks that take time to uncover, and might go unnoticed without a web security system in place. These hacks are also becoming more difficult to block as threats become more diversified, so a crisis management plan is a necessity in addition to a preventive system.
Today, the question is not if a hack is going to happen; it’s when. In addition to protecting their assets with network-level security, business leaders need to prioritize web-based security to guard their information against malware and other attacks.
Proactive management is key: Businesses need to anticipate threats and prepare (both with security systems and crisis plans), not assume that current systems are immune or hope that the next data breach will pass them over.