The Web Security Beast

By Jason Friedlander, Director of Product Marketing

It was quite a week to start researching the tangled world of cyber security, as news of one of the biggest cyberattacks broke. The Equifax data breach is definitely the hottest news buzzing around the water cooler in the past few days, with over 44% of the US population being affected. If you still haven’t found out whether you’ve been affected, you can find out how to check your status here.

We’re used to hearing about cyberattacks or web attacks on large-scale organizations. In fact, the US Air Force estimated that there were more than 1 million cyber attacks on its network per day in 2016. The Russian campaign hit 39 states in the 2016 presidential elections, but there are countless smaller attacks happening every minute of every day. Our Edgecast CDN alone knocks down hundreds of DDoS attacks every week.

“White-hat hackers” (the good ones are called hackers too) are trying to beef up security, with coalitions being formed with the intent of creating a hack-proof operating system. Even Europe has taken measures to beef up its security, setting up a new agency that will block the 4,000 ransomware attacks per day that the continent experiences. But Equifax is unique because rarely do we experience attacks at such scale and on a personal level, leaving many wondering: how did this happen? Am I at risk?

With so many companies now built to run in the cloud and rely on third-party vendors for pieces of their software stack and infrastructure needs, security is an ever-evolving need. Companies have to build trust when it comes to the vendors and tools they use each day and put the right pieces in place to protect their products and services to build that trust with the consumer.

The problem is that web security is a beast of its own; many aren’t sure how best to protect themselves against hackers, and these types of attacks can be devastatingly hard to recover from. However, in doing research for my hosting duties, I uncovered that there are a lot of things any organization can do to prevent these kinds of attacks from happening.

  1. Update your systems regularly
    Part of what makes the Equifax hack so frustrating to many (other than the obvious reasons) is that, arguably, it was avoidable. Hackers exploited a two-month-old flaw in Equifax’s web systems to steal millions of customers’ private data, the firm revealed. According to the Apache Foundation, which oversees the widely used open source software, “The Equifax data compromise was due to (Equifax’s) failure to install the security updates provided in a timely manner.” So learn from their mistakes! Monitoring your systems and updating them in a timely fashion is key to keeping your precious data out of hackers’ reach.
  2. Know your enemy
    There are seven main types of hackers: script kiddies, the hacking group, hacktivists, black-hat professionals, organized criminal gangs, nation states and the automated tool. Of these, the only ones you really need to worry about are hacking groups, hacktivists, black-hat professionals and the automated tool.
  3. Create an internal policy
    The biggest web security risk for your business is, drum roll please, your employees! In many cases, hackers will get inside a network thanks to one of your employees clicking on a link in an email or using a poor password. It is important to stay updated on the latest scams that are going around and to keep your employees aware of the scams as well. For you, the security expert, knowing about it is not enough. While staying educated is the first element, you also need to check with the person who set up the business server to ensure the right protections are in place.
  4. Change your passwords regularly
    A number of security experts state that you should never use the same password for all of your accounts. Make sure you and your employees create diverse passwords that combine numbers, symbols and other factors to ensure they are safe and secure. And change all of them every few months! It may even be a good idea to give each of your employees access to a password manager like 1Password that provides end-to-end security for each password you store in the application. It also suggests new passwords and stores everything across your devices so it’s easy to create and fill in a strong password at any time.
  5. Put your money where your mouth is
    It’s been calculated that 52% of organizations that suffered a successful web attack in 2016 aren’t making any changes to their security in 2017. And the budgets to prevent these attacks either stay the same or, in some cases, decrease! Invest in a security expert and in software and partners that will protect your data. If you want to be safe, you need to take action and allot the resources to keep you and your organization shielded from these attacks.
  6. Stay educated!
    There are a number of organizations that are making cyber security a priority and sharing their intel around this! Watch our on-demand webinar in which we’ll discuss how to adapt your web security strategy to today’s evolving cyber threatscape.