On average, websites experience 58 attacks per day, and you might be making that number worse. The research team at SiteLock isolated three major factors that increase a website’s risk of being compromised: complexity, composition and popularity. A website that links back to social media pages, uses a CMS application and is widely visited is a great asset for any business, right? Though all of these characteristics seem critical to business success, many companies aren’t aware of how these and other features can increase the risk of cyberattack by two times to 15 times.
In this interview with Total Retail, Jessica Ortega, product marketing specialist at SiteLock, she offers tips for retailers and brands on how they can make their websites more secure.
Total Retail: How common are website attacks?
Jessica Ortega: Cyberattacks on websites are so common that the average site can experience up to 58 attacks per day. These attacks can range from cryptocurrency mining to phishing, and even defacements that take websites completely offline.
TR: What makes a website more at risk to be compromised?
JO: While all websites are at risk and no site is too small to hack, there are a variety of things that can make a website more attractive to cybercriminals or more at risk for compromise. Factors such as site popularity (i.e., traffic and social media presence), site complexity (i.e., total number of pages within the website), and site composition (i.e., the various applications used to build the site) all play a role in determining overall website “risk.” In addition to these factors, using open source applications like Drupal, Joomla!, and WordPress can cause a website to be even more vulnerable to attack due to vulnerabilities and misconfigurations within them. These vulnerabilities are often found in out-of-date applications as well as themes and plugins because many website owners don’t realize that applications require maintenance.
TR: Are e-commerce sites a bigger target for bad actors and bots?
JO: E-commerce sites are often a prime target for bad actors and bot-based attacks because they store customer contact information and often collect credit card information. While any website can be an easy target for cybercriminals, e-commerce websites are unique because they have transactional data that passes through them, making them a richer target than a blog or informational website.
TR: How can e-commerce sites ensure customer and company data doesn’t get into the wrong hands online?
JO: One of the most important and easiest steps an e-commerce site can take to protect customer data is using an SSL certificate. SSL certificates ensure that credit card and personal information isn't intercepted as it's transmitted from customer to site, and then from site to server. In addition to SSL certificates, using a patching service and vulnerability scanner to ensure website applications are up-to-date and free of vulnerabilities will prevent cybercriminals from accessing data stored on the website.
TR: What safeguards can website owners put in place to better protect their sites?
JO: Website owners should think beyond a single solution and put a holistic, proactive security suite in place to protect their sites. This should include a malware scanner that automatically removes any malicious content detected and a web application firewall (WAF). A WAF filters traffic to websites, stopping bots and attacks before they’re able to reach the site. Malware scanners should automatically run each day for malicious and suspicious content.
Related story: How Brookstone is Fighting Back Against Fraudsters
- People:
- Jessica Ortega