How Can I Reduce The Risk Of A Cyber Attack?
fitcom.co/2014/01/21/how-can-i-reduce-the-risk-of-a-cyber-attack/

Every year, cyber-attacks cost website owners large amounts of money in damage to IT assets and disruption to daily operations. Knowing how to manage the risks associated with cybercrime helps to reduce website security risks.
For ecommerce website owners and key decision makers, a solid cyber security strategy requires a time investment and careful consideration of many facets of an online business. That investment is critical to business security and continuity, since cyber-attacks are on the rise as more businesses establish an online presence.
For this reason, ecommerce businesses must increase their awareness of the different types of website breaches in order to develop effective policies and security strategies against cyber-attacks. In this article we explain the different types of cyber-attacks and discuss some of the steps that are necessary to reduce your exposure to online risks.

What is a Cyber Attack?
A cyber-attack consists of a program created on a criminal's PC and then launched against a website, network, or individual PC. The motive is to compromise the availability, integrity, or confidentiality of a website, network, or PC and the information stored on it. The attack is designed to perform a variety of malicious acts, including:
Acquiring unauthorized access to a website and the data associated with it.
Unexpected disruption of website services, up to and including crashing the entire website.
Installation of viruses or malicious code (malware) on a website.
Unauthorized use of a website for the purpose of committing criminal acts such as hijacking, phishing, stealing sensitive data, and more.
Changes to the characteristics of a website for criminal purposes without the owner's knowledge or consent.
See Wikipedia for cyber-attack definitions.
The process used to respond to an attack depends on the type of attack itself. This is why a comprehensive system covering a broad range of areas needs to be implemented: there is no one-size-fits-all answer to the problem.

What are the Different Types of Cyber Attacks?
To protect your website effectively, it is first important to understand some of the ways hackers can launch a cyber-attack and gain access to your website. Here are a few of the common ways hackers can breach a website or the network server where the website is stored.
Remote Code Execution: This type of attack allows the hacker to run arbitrary system-level code through a web server vulnerability. The code allows the hacker to retrieve any type of information they desire, including sensitive information. See this article on remote code execution.
SQL Injection: This type of attack uses an older approach; however, it is still popular with many hackers since it is an effective way to gain access to information in a website database. Depending on the security measures you have in place, the attack can range from stealing basic information to complete compromise of a website and its database.
Cross Site Scripting: Cross Site Scripting occurs on user login pages and comment pages that allow script tags. In this instance, the hacker perpetrates an attack using the error message page that appears when the wrong login information is entered, or by using script tags on discussion pages.
Denial of Service (DoS): A Denial of Service attack occurs when the hacker floods the web server bandwidth or the website resources with a massive amount of unnecessary traffic. The end result is complete loss of service to your website, with other specific losses that can be devastating depending on how many attacking hosts are operating simultaneously.
Trojans: A Trojan is a small software program that can imitate legitimate software on a website, or it can be hidden inside web application components such as links, ads, and others. When a visitor downloads software from your website or clicks on one of these components, the Trojan is installed on the visitor's computer and performs a series of malicious acts. See the virus encyclopedia on the Bitdefender website.
Hijacking: Hijacking occurs when a hacker monitors and then takes control of your website configuration to commit criminal acts. In this case, your website is set up to look like the real thing; when your customers enter their personal data, the site is programmed to send the data to an external server where the criminal harvests it.
These are a few of the common ways hackers can breach your website. New hacking methods are developed on a regular basis, which is why it is important to stay on top of the latest methods and deploy strategies designed to counteract them.
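As an added illustration (not code from the original article), here is the SQL injection case above written out in Python against an in-memory SQLite table: the same customer lookup once with the user's value spliced into the query text and once with a bound parameter. The table, column names and sample rows are constructed for the example.

```python
# Added example, not from the original article: the same lookup written two
# ways against an in-memory SQLite database. Table, columns and rows are
# constructed for the demonstration.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a few constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, plan) VALUES (?, ?)",
        [
            ("alice@example.com", "gold"),
            ("bob@example.com", "basic"),
            ("carol@example.com", "gold"),
        ],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, email: str) -> list:
    """VULNERABLE: the user-supplied value becomes part of the SQL text, so the
    database cannot distinguish data from query structure."""
    query = f"SELECT id, email FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Hardened: a bound parameter is always treated as a literal value, never
    as SQL syntax, whatever characters it contains."""
    return conn.execute(
        "SELECT id, email FROM customers WHERE email = ?", (email,)
    ).fetchall()


def demo() -> dict:
    """Run both lookups on a normal value and on a constructed hostile value
    and return the row counts so the difference is visible."""
    conn = make_db()
    normal = "bob@example.com"
    # Constructed hostile input: it closes the string literal and appends a
    # condition that is always true, so the unsafe query matches every row.
    hostile = "x' OR '1'='1"
    return {
        "unsafe_normal": len(lookup_unsafe(conn, normal)),    # 1 row
        "unsafe_hostile": len(lookup_unsafe(conn, hostile)),  # all 3 rows
        "safe_normal": len(lookup_safe(conn, normal)),        # 1 row
        "safe_hostile": len(lookup_safe(conn, hostile)),      # 0 rows
    }


if __name__ == "__main__":
    print(demo())
```

The "complete compromise" the article warns about starts exactly here: once query structure can be altered, the same technique extends to other tables and statements, and parameterization is what closes that door.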

What is involved with a Website Security Assessment?
Before you develop a website security strategy, it is important to assess existing security systems to determine where improvements should be made. This involves an assessment of the web server, software, code, and web applications, to name a few areas. Additionally, if you store customer data and financial information, it is important to ensure that compliance standards such as PCI, HIPAA, and others are being met.
To understand where security improvements should be made, the following areas should be reviewed:
Code Review: A large number of website breaches occur as the result of coding errors. Although code reviews can be expensive, the cost of a breach can be worse. A thorough code review will tell you exactly where the security vulnerabilities are in the website code and whether any weak coding practices or shortcuts are being used.
Discuss Coding with Developers: Ask your website developer whether they are aware of the types of cyber-attacks mentioned above. If they understand what they are, ask them what they have done in the code to prevent those attacks. If they can give you a sensible answer, there should be no problem with the code review and any resulting revisions.
On the other hand, if they cannot provide an answer, a code review should be an important step in protecting your website. It will also help you to establish coding policies and standards for future website development.
Conduct a Web Vulnerability Assessment: This type of assessment takes the perspective of an outsider and provides scenarios for how they might extract data from your system. The assessment focuses on the areas of your website that face the Internet, as opposed to the server side of the site that contains the code and other backend processes that are essential behind the scenes. A web vulnerability assessment helps you focus on which aspects of the site are likely to be vulnerable to exploits and tests the areas that are most likely to be targeted.
Review IT Security Tools: It is important to review the IT security tools you currently have deployed to determine whether they provide sufficient protection or whether changes are warranted. Depending on your industry and the requirements for your website, the security tools include, but are not limited to, an antivirus and anti-malware protection system, a firewall at the network level, a firewall at the web application level, endpoint security management, intrusion detection and prevention systems, and encryption technologies such as Secure Sockets Layer (SSL) HTTPS.
Mobile Devices: If your company uses mobile devices to access specific components of the website, such as CRM and others on the server side or backend, it is necessary to conduct a security assessment of those mobile devices. Even a solid security strategy can easily be compromised by mobile device access.
There are many third party companies that offer network and website security assessment services. A local Google search should bring up the best results.

What Steps Should I Take to Reduce Online Risks?
Once you have assessed and defined the website security requirements, you should review the security policy and make any necessary changes, decide how the security policy will be monitored and managed, classify specific data based on sensitivity, and determine the effect a data breach would have on your business. This will help you focus on the areas that require the most protection. Other steps for reducing online risks include:
Level of Security and Ease of Use: Although website security is mainly about preventing data breaches and information theft, the security practices you put in place should also ensure that the website remains available, performs quickly, and complies with the specific regulations for your industry.
Validation of Third Party Data: Most websites in today's ecommerce environment receive input from other sources such as news feeds, social media, back office software systems, and more. Part of your security strategy should include validating incoming and outgoing data to protect the integrity of your website infrastructure and prevent data breaches.
Conduct Security Reviews at Each Milestone: At each milestone in the development process, conduct a security review so that security issues are tackled immediately. The earlier you spot an issue, the less costly it is to mitigate the risk.
Create a Consistent Development Framework: Web applications and software will always have errors; however, a consistent coding framework for developers minimizes the security risks. It also means you should allow a reasonable time frame for developing the web application securely, instead of simply meeting the functional requirements.
Implement Secure Testing: When testing for website vulnerabilities, a threat model should be created so that the tests thoroughly check which actions are unauthorized and which actions are normal, intended functions.
Implement Auditing, Logging, and Alerts: There is a host of software available for auditing website activity, logging for detection of suspicious activity, and alerts that give you early warning of potential issues. The logs must also be protected from unauthorized modification and must record user identities so that activity can be traced to individuals.
Use Secure Deployment: When you are developing a new website or expanding an existing one, the test and live environments may differ and be configured differently. This can cause security issues if the setup and launch of the website is not executed in a controlled manner that ensures all necessary security controls are in place.
Contract and SLA Security: If you use external security protection services or sub-contractors, make sure security is well defined in the contract or Service Level Agreement (see http://en.wikipedia.org/wiki/Service-level_agreement). Use the same process to determine the level of security the provider uses and how security breaches are identified and handled.
Disaster Recovery and Business Continuity: Prepare your company with a backup plan in the event your website becomes unavailable. This includes estimating the probability of downtime and the effect it will have on daily business operations. Define what actions should be taken to ensure business continuity in the event of an outage.
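As an added illustration of the auditing, logging and alerts step above (not code from the original article), here is a small Python audit log whose entries are hash-chained so that any later modification or deletion is detectable, each entry carrying a user identity, with one early-warning rule run over it. Event names, the failed-login threshold and the sample activity are constructed for the example.

```python
# Added example, not from the original article: a tamper-evident audit log
# with a user identity on every event, plus a simple alert rule. Event names,
# threshold and sample activity are constructed for the demonstration.
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # hash "before" the first entry


def _entry_hash(prev_hash: str, event: dict) -> str:
    """Hash the previous entry's hash together with this event's canonical
    JSON, so editing or deleting any earlier entry breaks every later hash."""
    payload = prev_hash + json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append_event(log: list, event: dict) -> dict:
    """Append an event to the chain. Every event must say who did what."""
    if "user" not in event or "action" not in event:
        raise ValueError("audit events must identify the user and the action")
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"event": event, "hash": _entry_hash(prev, event)}
    log.append(entry)
    return entry


def verify_chain(log: list) -> int:
    """Return -1 if the chain is intact, otherwise the index of the first
    entry whose hash no longer matches its content and its predecessor."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["hash"] != _entry_hash(prev, entry["event"]):
            return i
        prev = entry["hash"]
    return -1


def failed_login_alerts(log: list, threshold: int = 3) -> dict:
    """Early-warning rule: users with at least `threshold` failed logins."""
    counts = Counter(
        e["event"]["user"] for e in log if e["event"]["action"] == "login_failed"
    )
    return {user: n for user, n in counts.items() if n >= threshold}


def demo() -> tuple:
    """Build a log from constructed activity, run the alert rule, then
    simulate an unauthorized edit and show that verification catches it."""
    log = []
    sample = [
        ("alice", "login_ok"),
        ("mallory", "login_failed"),
        ("mallory", "login_failed"),
        ("bob", "login_ok"),
        ("mallory", "login_failed"),
        ("alice", "update_price"),
    ]
    for user, action in sample:
        append_event(log, {"user": user, "action": action})
    intact = verify_chain(log)          # -1: nothing has been touched
    alerts = failed_login_alerts(log)   # {"mallory": 3}
    # Unauthorized modification: rewrite entry 5 to pin the price change on
    # another user. The stored hash no longer matches the edited content.
    log[5]["event"]["user"] = "bob"
    tampered_at = verify_chain(log)     # 5
    return intact, alerts, tampered_at


if __name__ == "__main__":
    print(demo())
```

In production the chain head (the last hash) would be copied somewhere the web server cannot write, otherwise an intruder with write access could simply recompute the chain after editing it.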
In addition to the above steps, make certain the latest security technologies are deployed, such as an antivirus and anti-malware protection system, a firewall at the network level, a firewall at the web application level, endpoint security management, intrusion detection and prevention systems, and encryption technologies such as Secure Sockets Layer (SSL) HTTPS. This may also include data protection technologies associated with meeting compliance requirements for PCI (Payment Card Industry), HIPAA (Health Insurance Portability and Accountability Act), and other industry-specific standards.
Featured image License: Royalty Free or iStock source: http://www.bigstockphoto.com/
Another article by Brian Morton, a professional IT consultant of 11 years and counting. You will find Brian's articles on various technology sites across the internet.

Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 

How Can I Reduce The Risk Of A Cyber-Attack?

See Wikipedia for cyber-attack definitions. The process used to respond to an attack depends on the type of attack, which is why a comprehensive programme covering a broad range of areas is needed: there is no one-size-fits-all answer to the problem.

What are the Different Types of Cyber Attacks?
To protect your website effectively, you first need to understand some of the ways attackers launch a cyber-attack and gain access to it. Here are a few of the common ways a website, or the server it is hosted on, gets breached.
Remote Code Execution: This type of attack lets the attacker run arbitrary code on the web server, at the privilege level of the vulnerable service, by exploiting a flaw in the server or the web application. Once code is running on the server, the attacker can read anything the application can read, including sensitive information, and can use the host as a foothold into the rest of the network. See this article on remote code execution.
SQL Injection: An older technique that remains popular with attackers because it works: wherever user input is concatenated into a database query instead of being passed as a bound parameter, the attacker can alter the query itself rather than just the values it looks up. Depending on the security measures in place, the impact ranges from reading a few records to full compromise of the website and the database behind it.
Cross Site Scripting (XSS): XSS occurs wherever user-supplied input is placed into a page without being encoded for the context it lands in, so that an attacker's script runs in other visitors' browsers. Typical entry points are login forms whose error page echoes the submitted value back (reflected XSS) and comment or discussion pages that accept script tags (stored XSS). The injected script runs with the victim's session, so it can steal cookies or act on their behalf.
Denial of Service (DoS): A Denial of Service attack floods the web server's bandwidth or the website's resources with a massive volume of junk traffic or expensive requests until legitimate users can no longer be served. When the traffic comes from many attacking hosts at once (a distributed DoS, or DDoS) the losses can be devastating, because there is no single source to block.
Trojans: A Trojan is malware disguised as legitimate software. On a website it can be planted in a download, or hidden behind components such as links, advertisements and embedded widgets. When a visitor downloads the software or clicks the component, the Trojan is installed on the visitor's computer and carries out its malicious actions; your site has become the distribution channel. See the virus encyclopedia on the Bitdefender website.
Hijacking: Hijacking occurs when an attacker monitors and then takes control of your website's configuration in order to commit crimes. Typically the site is left looking exactly like the real thing, but is altered so that when customers enter their personal data it is sent to an external server where the criminal harvests it.
These are a few of the common ways attackers breach websites. New techniques appear regularly, which is why it is important to stay current with the latest methods and deploy controls designed to counter them.

What is involved with a Website Security Assessment?
Before you develop a website security strategy, assess the existing security controls to determine where improvements should be made. This covers the web server, the software running on it, the application code and the web applications themselves, among other areas. If you store customer data or payment information, also confirm that the compliance standards that apply to you, such as PCI DSS, HIPAA and others, are being met.
To understand where security improvements should be made, review the following areas:
Code Review: A large share of website breaches are the result of coding errors. Code reviews can be expensive, but a breach costs more. A thorough review tells you exactly where the vulnerabilities are in the website's code and whether weak coding practices or shortcuts are being used.
Discuss Coding with Developers: Ask your website developer whether they are aware of the types of cyber-attacks described above. If they are, ask what they have done in the code to prevent them (for example, parameterised database queries against SQL injection and output encoding against cross-site scripting). If they can give a sensible answer, the code review and any resulting revisions should be straightforward. If they cannot, a code review becomes an important step in protecting your website, and it will also help you establish coding policies and standards for future development.
Conduct a Web Vulnerability Assessment: This assessment takes the perspective of an outsider and plays out the scenarios by which they might extract data from your system. It focuses on the parts of your website that face the Internet, as opposed to the server-side code and back-end processes that do the essential work behind the scenes. A web vulnerability assessment helps you focus on which parts of the site are most likely to be vulnerable to exploits, and tests the areas most likely to be targeted.
Review IT Security Tools: Review the security tools you currently have deployed to determine whether they provide sufficient protection or whether changes are warranted. Depending on your industry and the requirements for your website, these include, but are not limited to, antivirus and anti-malware protection, a network-level firewall, a web application firewall, endpoint security management, intrusion detection and prevention systems, and encryption in transit (HTTPS, using TLS, the successor to Secure Sockets Layer, SSL).
Mobile Devices: If your company uses mobile devices to access back-end components of the website such as the CRM, include those devices in the security assessment. However solid your security strategy, it is easily undermined by an unmanaged mobile device with back-end access.
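As an added example (not code from the original article), here are the SQL injection and cross-site scripting cases from the attack list above, written in Python using only the standard library's sqlite3 and html modules. Each appears in the vulnerable form a code review should flag, beside the hardened form the conversation with your developers should produce. The user table, credentials and attack strings are constructed for the demo; a real system would store password hashes rather than the plaintext used here to keep the injection easy to see.

```python
# Added example (not from the original article): the SQL injection and
# cross-site scripting patterns described above, each shown in its vulnerable
# form beside the hardened form a code review should expect to find.
import html
import sqlite3

# Constructed sample user table. The credentials are made up for the demo;
# real systems store password hashes, never plaintext.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return conn

def login_vulnerable(conn, username: str, password: str) -> bool:
    # VULNERABLE: user input is concatenated into the SQL text, so the
    # attacker controls the query structure, not just the values.
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return conn.execute(query).fetchone()[0] > 0

def login_hardened(conn, username: str, password: str) -> bool:
    # HARDENED: parameterised query; the driver passes the values separately
    # from the SQL text, so quotes and comments in the input are just data.
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0

def error_page_vulnerable(username: str) -> str:
    # VULNERABLE: the submitted username is echoed into the HTML verbatim,
    # the reflected-XSS-in-the-error-page case described in the article.
    return "<p>Login failed for user %s</p>" % username

def error_page_hardened(username: str) -> str:
    # HARDENED: HTML-encode the untrusted value before placing it in markup.
    return "<p>Login failed for user %s</p>" % html.escape(username, quote=True)

# Constructed attack inputs.
SQLI_USERNAME = "alice' -- "        # the comment marker removes the password check
XSS_USERNAME = "<script>alert(1)</script>"

def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, SQLI_USERNAME, "wrong"),
        "hardened_bypassed": login_hardened(conn, SQLI_USERNAME, "wrong"),
        "hardened_valid": login_hardened(conn, "alice", "correct horse battery staple"),
        "vulnerable_page": error_page_vulnerable(XSS_USERNAME),
        "hardened_page": error_page_hardened(XSS_USERNAME),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The vulnerable login accepts `alice' -- ` with any password because the rest of the WHERE clause becomes a comment; the parameterised version treats the same string as a username that does not exist. The same principle applies to the error page: the fix is not to filter out `<script>`, but to encode whatever the user sent for the HTML context it is rendered in.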
There are many third party companies like this one that offer network and website security assessment services; a local Google search should bring up the best results.

What Steps Should I Take to Reduce Online Risks?
Once you have assessed and defined the website's security requirements, review the security policy and make any necessary changes: how the policy will be monitored and managed, how data is classified by sensitivity, and what effect a breach of each class of data would have on your business. This tells you which areas need the most protection. Other steps for reducing online risk include:
Level of Security and Ease of Use: Although website security is mainly about preventing data breaches and information theft, the practices you put in place should also keep the website available, performing well, and in compliance with the regulations for your industry.
Validation of Third Party Data: Most ecommerce websites today receive input from other sources such as news feeds, social media, back office systems and partner services. Part of your security strategy should be validating that incoming data (and data you pass on) matches what you expect in structure, type, length and content, so that a compromised or misbehaving source cannot corrupt your infrastructure or be used to inject content into your pages.
Conduct Security Reviews at Each Milestone: Conduct a security review at each milestone of the development process so that issues are tackled immediately. The earlier you spot an issue, the cheaper it is to fix.
Create a Consistent Development Framework: Web applications will always have bugs, but a consistent, secure coding framework for developers minimises the security risks. It also means budgeting a reasonable amount of time for developing the web application securely rather than just meeting the functional requirements.
Implement Secure Testing: When testing for website vulnerabilities, build a threat model first. It spells out which actions are normal, intended functionality and which are unauthorised, so that the tests check for the second kind and not only the first.
Implement Auditing, Logging, and Alerts: Plenty of software is available for auditing website activity, logging it so that suspicious activity can be detected, and raising alerts that give early warning of potential problems. The logs must record which user performed each action, and they must be protected from unauthorised modification or deletion; otherwise an intruder can simply edit away the evidence.
Use Secure Deployment: When you develop a new website or expand an existing one, the test and live environments may be configured differently. This causes security problems if the setup and launch are not executed in a controlled manner that ensures every security control is actually in place in production.
Contract and SLA Security: If you use external security services or sub-contractors, make sure security is well defined in the contract or Service Level Agreement (see http://en.wikipedia.org/wiki/Service-level_agreement). Use the same process to establish the level of security the provider itself uses and how breaches are identified and handled.
Disaster Recovery and Business Continuity: Prepare a backup plan for loss of website availability. Identify the probability of downtime and the effect it would have on daily operations, and define the actions to be taken to keep the business running during an outage.
In addition to the steps above, make certain the latest security technologies are deployed: antivirus and anti-malware protection, a network-level firewall, a web application firewall, endpoint security management, intrusion detection and prevention systems, and encryption in transit (HTTPS using TLS, the successor to SSL). This may also include the data protection controls required for compliance with PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act) and other industry-specific standards.

Featured image license: Royalty Free or iStock. Source: http://www.bigstockphoto.com/
Another article by Brian Morton, a professional IT consultant of 11 years and counting. You will find Brian's articles on various technology sites across the Internet.
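An added example (not from the original article) of the "Validation of Third Party Data" step above: a small Python validator for records arriving from an external product feed, run over a constructed sample feed. The field names, length limits and JSON shape are assumptions chosen for the demo, not any particular feed format. It shows the allow-list approach: reject unknown fields, wrong types, oversized values, control characters and link schemes other than http/https, and keep the rejects with their reasons so the feed owner can be told what went wrong.

```python
# Added example (not from the original article): validating records that
# arrive from an external source (a product feed here) before they reach the
# site's database or templates. Field names and limits are demo assumptions.
import json
from urllib.parse import urlsplit

# Allow-list schema: every accepted field, its type and its maximum length.
FEED_SCHEMA = {
    "id": (str, 64),
    "title": (str, 200),
    "link": (str, 2048),
    "price_cents": (int, None),
}
REQUIRED = {"id", "title", "link"}
ALLOWED_URL_SCHEMES = {"http", "https"}

class ValidationError(ValueError):
    pass

def validate_feed_item(raw) -> dict:
    """Return a cleaned copy of `raw`, or raise ValidationError."""
    if not isinstance(raw, dict):
        raise ValidationError("item is not an object")
    unknown = set(raw) - set(FEED_SCHEMA)
    if unknown:
        # Reject rather than silently drop: unexpected fields are a signal
        # that the feed (or its sender) is not what we think it is.
        raise ValidationError("unknown fields: %s" % sorted(unknown))
    missing = REQUIRED - set(raw)
    if missing:
        raise ValidationError("missing fields: %s" % sorted(missing))
    clean = {}
    for name, value in raw.items():
        expected_type, max_len = FEED_SCHEMA[name]
        # bool is a subclass of int in Python; keep it out of integer fields.
        if not isinstance(value, expected_type) or isinstance(value, bool):
            raise ValidationError("field %r has wrong type" % name)
        if isinstance(value, str):
            if max_len is not None and len(value) > max_len:
                raise ValidationError("field %r too long" % name)
            if any(ord(c) < 0x20 for c in value):
                raise ValidationError("field %r contains control characters" % name)
        clean[name] = value
    if "price_cents" in clean and clean["price_cents"] < 0:
        raise ValidationError("negative price")
    scheme = urlsplit(clean["link"]).scheme.lower()
    if scheme not in ALLOWED_URL_SCHEMES:
        # Blocks javascript: and data: links that turn into XSS when rendered.
        raise ValidationError("link scheme %r not allowed" % scheme)
    return clean

def process_feed(payload: str):
    """Parse a JSON feed and split its items into accepted and rejected."""
    accepted, rejected = [], []
    for item in json.loads(payload):
        try:
            accepted.append(validate_feed_item(item))
        except ValidationError as exc:
            item_id = item.get("id") if isinstance(item, dict) else None
            rejected.append((item_id, str(exc)))
    return accepted, rejected

# Constructed sample feed: one good record and three that must be rejected.
SAMPLE_FEED = json.dumps([
    {"id": "p1", "title": "Widget", "link": "https://example.com/p1", "price_cents": 1999},
    {"id": "p2", "title": "Gadget", "link": "javascript:alert(1)"},
    {"id": "p3", "title": "Gizmo", "link": "https://example.com/p3", "price_cents": "19.99"},
    {"id": "p4", "title": "Thing", "link": "https://example.com/p4", "admin": True},
])

if __name__ == "__main__":
    ok, bad = process_feed(SAMPLE_FEED)
    print("accepted:", [i["id"] for i in ok])
    for item_id, reason in bad:
        print("rejected:", item_id, "-", reason)
```

Validation here is a positive allow-list (what a good record looks like) rather than a blocklist of known-bad strings; a feed item that would have planted a `javascript:` link on every product page is rejected at the edge, before it reaches the database or any template.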
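An added example (not from the original article) for the "Implement Auditing, Logging, and Alerts" step above, in Python with only the standard library: an audit log whose records carry the user identity and are chained with an HMAC, so that modifying or deleting a record is detectable, plus one alert rule (repeated failed logins) run over the same records. The key, field names, threshold and sample events are constructed for the demo; in production the key would live in a secret store, and the log would be shipped off the web server so an intruder on that host cannot reach it at all.

```python
# Added example (not from the original article): an append-only audit log
# whose entries are chained with an HMAC so that editing or deleting a record
# breaks verification, plus a simple alert rule run over the log. The key,
# field names, threshold and sample events are assumptions for the demo.
import hashlib
import hmac
import json
from collections import defaultdict

# Demo key only: in production this comes from a secret store, not source code.
AUDIT_KEY = b"demo-audit-key-do-not-use-in-production"
FAILED_LOGIN_THRESHOLD = 3   # alert at this many failures inside the window
WINDOW_SECONDS = 300

def _mac(prev_mac: str, body: dict) -> str:
    # Canonical JSON so that the same record always yields the same MAC.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AUDIT_KEY, prev_mac.encode() + payload, hashlib.sha256).hexdigest()

class AuditLog:
    """Each entry's MAC covers its own fields and the previous entry's MAC."""
    def __init__(self):
        self.entries = []

    def append(self, ts: int, user: str, src_ip: str, action: str, outcome: str):
        body = {"ts": ts, "user": user, "src_ip": src_ip,
                "action": action, "outcome": outcome}
        prev = self.entries[-1]["mac"] if self.entries else ""
        self.entries.append({**body, "mac": _mac(prev, body)})

def verify(entries) -> int:
    """Index of the first entry whose chain is broken, or -1 if the log is intact."""
    prev = ""
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if not hmac.compare_digest(_mac(prev, body), entry["mac"]):
            return i
        prev = entry["mac"]
    return -1

def failed_login_alerts(entries) -> list:
    """Users with >= FAILED_LOGIN_THRESHOLD failed logins within WINDOW_SECONDS."""
    failures = defaultdict(list)
    alerts = set()
    for entry in entries:
        if entry["action"] == "login" and entry["outcome"] == "failure":
            recent = [t for t in failures[entry["user"]]
                      if entry["ts"] - t <= WINDOW_SECONDS]
            recent.append(entry["ts"])
            failures[entry["user"]] = recent
            if len(recent) >= FAILED_LOGIN_THRESHOLD:
                alerts.add(entry["user"])
    return sorted(alerts)

def build_sample_log() -> AuditLog:
    # Constructed sample activity: one brute-force burst against 'admin'.
    log = AuditLog()
    log.append(1000, "alice", "203.0.113.5", "login", "success")
    log.append(1010, "admin", "198.51.100.9", "login", "failure")
    log.append(1020, "admin", "198.51.100.9", "login", "failure")
    log.append(1030, "admin", "198.51.100.9", "login", "failure")
    log.append(1040, "alice", "203.0.113.5", "update_price", "success")
    return log

def tampered_copy(entries, index: int) -> list:
    # Simulate an intruder rewriting one record to hide what they did.
    copy = [dict(e) for e in entries]
    copy[index]["outcome"] = "success"
    return copy

if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", verify(log.entries) == -1)
    print("alerts:", failed_login_alerts(log.entries))
    print("tampering detected at entry:", verify(tampered_copy(log.entries, 2)))
```

Chaining each MAC over the previous one means an attacker who can edit the file still cannot rewrite or remove a record without also recomputing every later MAC, which requires the key; keeping the key and a copy of the log off the web server is what turns "detectable" into "not feasible". The alert rule is deliberately simple; the point is that the same records that provide evidence after the fact also feed the early warning.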