2Revisit Your Website Security Strategy
Website hacks are not just about stealing an organization’s data; even without data, you are still a target. Ask yourself: Are maintenance, operation, tuning, training, deployment and setup the right things on which to spend time? What if you could focus on incident response, visibility and reports, and ROI?
3Attack Example No. 1: Application-Level DDoS
This is carried out by sending a large amount of innocent-looking traffic to the Website. All it takes are just a few thousand requests per second to kill most of today’s application stacks. If there is just an order of magnitude more, even the servers could buckle and crash the site. This is relatively easy to generate but extremely hard to separate between the distributed denial-of-service (DDoS) traffic and the legitimate user traffic.
4Attack Example No. 2: Website Backdoors
Gaining access to a backdoor on a Website provides hackers with full control over the Web server and application. They often use that control to carry out attacks on targeted Websites or to steal information. It is difficult to detect because hackers will gain root privileges and use them to hide the backdoor.
5Attack Example No. 3: DNS Hijacking
This involves taking over your domain registrar account and taking ownership over your domain. The Website will go down, and, as a result, the site will lose all search engine optimization (SEO) ranking and reputation associated with the domain. The art of password hacking is much more advanced today than five years ago. The weakest link just may be the domain registrar’s password.
6Attack Example No. 4: Content Scraping
7Googlebot Impersonators a Serious Problem
8Attack Example No. 5: Abuse by Automation
In this hack, legitimate Website functions are automated to harm the business. These can include fake account registrations, fake comments or votes, or fake checkouts. These attacks create a high operational overhead and loss of time and money. They are very hard to deal with because this traffic is invisible to most analytics tools and it appears legitimate to network admins.
9High Percentage of Site Visitors May Be Intruders
10Adapt Current Security Strategy for New Threats
To deal with new threats effectively, a security strategy must include the following: a) visibility: be sure to stay informed on what is happening from the beginning of the process to the bottom line; b) perimeter security: make sure attacks are stopped on the perimeter, before reaching the network; and c) agility: use security experts who can rapidly respond to new attack techniques.
11New Line of Defense: Cloud-Based Web Application Firewalls
Cloud-based WAFs, which were recently made available, provide a new service model for online security. They eliminate maintenance, operation, tuning, training, deployment and setup costs; stop attacks at the perimeter; and gain full visibility and are up-to-date with the latest security features.