After our recent Data (In)Security post, we fielded many questions from owners of small sites and blogs that basically boiled down to one common theme – "I’m not Target, so why would anyone hack my site?"
Thanks to news coverage, there’s a common misconception that attackers are only after banks, large companies, or critical infrastructure. No doubt we live in a world where big names get big headlines. However, a more accurate account of the assault on small business websites comes from industry reports. Case in point: the Verizon 2013 Security Report cited 71% of data breaches as affecting companies of 100 employees or fewer.
The attacks are driven, in large part, by an ever-growing number of websites. In the past 3.5 years alone, the number of active websites has doubled from 90 to 180 million (according to Netcraft). This rapid increase in the creation of individual and small business websites has produced a threat landscape that mimics that of the late 1990s and early 2000s. It was during this period that broadband access boomed – creating millions of new targets (PC owners) with limited time to understand the risks they faced.
In a snapshot, the above image illustrates time-tested reasons why criminals target small websites. The image is based on the infographic Value of a Hacked PC, created by Brian Krebs. If you’re not familiar with his work, check out his website, Krebs on Security. Krebs’ security coverage unwinds cyber-criminal activity in near real time and often reads like a Tom Clancy story.
Unfortunately, the number of ways criminals can monetize your company’s website is too vast to cover in one blog post. Over the coming weeks we will drill down on specific threats. For now, suffice it to say, no site is too small to be victimized.
I’ll sign off with this friendly piece of advice: to everyone using a CMS, do yourself a favor and update to the latest version!