With the media reporting only the most impactful breaches of internet security, it would be tempting to believe that the once prevalent and public attacks on small to mid-sized companies’ websites were diminishing in scope and frequency. While many companies have learned a great deal about securing their digital connection to the world, a crippling breach of website security is never far from reality for most organizations that still fail to understand the magnitude of harm that comes from a well-initiated breach by hackers, who remain intent on creating mayhem and calamity.
The 2018 State of the Internet/Security Credential Stuffing Attacks report reveals that approximately 3.2 billion malicious logins occurred each month between January and April of this year. The report’s publisher, Akamai, says worldwide malicious login attempts are on the rise. “In addition, 2018 has seen 1.4 million compromised usernames and passwords. Botnets caused a monthly average increase of 30% between May and June 2018. During those two months, researchers detected over 8.3 billion malicious login attempts from bots.”
“Our research shows that the people carrying out credential-stuffing attacks are continuously evolving their arsenal. They vary their methodologies from noisier, volume-based attacks through stealth-like ‘low and slow’ style attacks,” said Martin McKeay, senior security advocate at Akamai and lead author of the State of the Internet/Security report. “It’s especially alarming when we see multiple attacks simultaneously affecting a single target. Without specific expertise and tools needed to defend against these blended, multi-headed campaigns, organizations can easily miss some of the most dangerous credential attacks.”
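The two styles McKeay describes need different detection logic, which is why a single per-source rate limit misses a blended campaign. The following is an added example, not code from the Akamai report or from this article: it runs a per-minute rate check and a distributed "low and slow" check over constructed login events. The event layout, thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed login events: (minute, source_ip, username, success)."""
    events = []
    # Volume-based: one address fails against 40 accounts inside a minute.
    events += [(0, "198.51.100.7", f"user{i}", False) for i in range(40)]
    # Low and slow: 30 addresses, two failed accounts each, spread over an hour.
    for i in range(30):
        ip = f"203.0.113.{i + 1}"
        events += [(2 * i, ip, f"acct{i}a", False),
                   (2 * i + 1, ip, f"acct{i}b", False)]
    # Ordinary users: one mistyped password then success, and one clean login.
    events += [(5, "192.0.2.10", "alice", False),
               (6, "192.0.2.10", "alice", True),
               (20, "192.0.2.11", "bob", True)]
    return events

def noisy_sources(events, per_minute=20):
    """Sources whose failed logins in any single minute reach per_minute."""
    buckets = defaultdict(int)
    for minute, ip, _user, ok in events:
        if not ok:
            buckets[(ip, minute)] += 1
    return {ip for (ip, _minute), n in buckets.items() if n >= per_minute}

def low_and_slow_sources(events, per_minute=20, min_users=2, min_sources=10):
    """Quiet sources that each failed against several distinct accounts.

    A real user usually mistypes only their own username, so failures against
    min_users or more accounts from one address are suspicious even at a low
    rate. The set is reported only when at least min_sources such addresses
    appear in the same window, which indicates a distributed campaign.
    """
    loud = noisy_sources(events, per_minute)
    failed_users = defaultdict(set)
    for _minute, ip, user, ok in events:
        if not ok and ip not in loud:
            failed_users[ip].add(user)
    quiet = {ip for ip, users in failed_users.items() if len(users) >= min_users}
    return quiet if len(quiet) >= min_sources else set()

if __name__ == "__main__":
    ev = sample_events()
    print("rate-limit hits:", sorted(noisy_sources(ev)))
    print("low-and-slow sources:", len(low_and_slow_sources(ev)))
```

On the constructed data the rate check catches only the single loud address, while the second check surfaces the 30 quiet ones and leaves the ordinary users alone.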
The problem is not limited to the private sector. A report recently released by the Information Technology and Innovation Foundation found that state webpages are failing to earn a passing grade on securing their internet connections, specifically in their use of Hypertext Transfer Protocol Secure (HTTPS) and Domain Name System Security Extensions (DNSSEC). “It is vital that citizens be able to securely interact with state government websites. Insecure websites put the sensitive data and browsing history of individuals at risk,” the report said.
The increased pace and frequency of occurrence isn’t the result of “taking a blind eye to the threat”, but rather of a persistent and tenacious community of hackers who never seem to be deterred by an increased security environment. “Worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year,” according to the latest forecast from Gartner, Inc. “In 2019, the market is forecast to grow 8.7 percent to $124 billion.” The truth is that the effort to harden your business against unwelcome attempts to disrupt and injure it is never done. But there are some fundamental actions that can improve your chances of not becoming the latest hacker victim.
Hackers usually target security flaws in software and programs that have not been updated to guard against the most recent threats of breach. Keep all software and platforms up to date and enforce the use of strong passwords and login identifications among company users. The most prevalent threat remains a company’s employees and vendors who may have access to some or all of the systems’ functions.
Using SSL/TLS encryption on login pages allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Partner with a reputable web hosting company devoted to keeping your website secure. As the old saying goes, “Cleanliness is next to Godliness.” Stop using and delete every outdated and underused database, application, or plugin on your website, and back up your system regularly to avoid getting locked out of the site. Frequently perform web security scans to check for website and server vulnerabilities.
If performing even the simplest of security fundamentals is beyond your in-house expertise, secure the services of an experienced professional to make sure necessary and comprehensive security measures are performed on a regular basis. The cost, when compared to letting the bad actors cripple your business and steal your customers’ data, is well worth the investment.