There’s a saying in the security industry: “There are two types of business. Those that know their website is under attack by hackers. And, those that don’t know their website is under attack by hackers.”
So, it’s not a matter of “if.” It’s a matter of “when” your website is attacked. As if businesses don’t have enough things to worry about, here are some stats about online hacks that’ll chill the bone marrow of any entrepreneur and executive team:
- 40% of small businesses have been hacked in North America
- 30,000 websites get hacked daily
- The average cost of a hack and data loss to a small business is $15,600. And, since online web traffic (e.g. from Google Search) is built on “trust” between websites, the long-term reputation damage to a business's brand can be hundreds of thousands to several million dollars.
- 77% of small businesses believe “that their company is safe from cyber threats like viruses and spyware” yet 83% of small businesses don’t take any formal cyber-security measures.
*Forbes Report: www.forbes.com/sites/jameslyne/2013/09/06/30000-web-sites-hacked-a-day-how-do-you-host-yours
** Report: http://www.inc.com/laura-montini/nsba-survey-cybersecurity.html?cid=sf01001
Those pesky Russians!
Actually, this article isn’t just about Russian hackers, it’s about all hackers from all countries; I used “Russia” specifically as clickbait to bring you to this article, since Russia hacking seems to be a popular topic these days. But everyone is doing it, doing it, doing it.
Security and hacking, in general, is a hot topic. In the last month or so, we’ve seen the latest ransomware attacks (WannaCry and Petya) that find vulnerable sites, encrypt files and demand bitcoins as payment. Only yesterday, a vicious “Wiper” virus called ExPetr was created that basically takes over the root of your computer and messes up your hard drive.
For the record, I never liked Bitcoin, and this is one of the reasons why. First of all, I have always felt it’s a Ponzi scheme … good money follows bad money … what is the intrinsic value of a bitcoin? If the value is to give hackers, gangs, and terrorists a way to transfer money from country to country anonymously, then Bitcoin has succeeded.
Because of the enablement of transferring dirty money, Bitcoin is one of the most ridiculous things we’ve created as a tech community, and we should probably a) be ashamed of ourselves and b) stop supporting its use.
But I digress.
Want to see something else that will freak you out?
The header image of this blog post and the graphic below are screen captures from a website called Digital Attack Map.
This real-time map is a fascinating slice of cyberattack life, showing 4 types of DDoS (Distributed Denial of Service) attacks around the world.
In any given hour, basically, all countries have servers that attack other servers in more or less every other country.
It was particularly bad in the months around the U.S. election and the first days of the presidency. In fact, on the day of the U.S. election, Nov 8 2017, a lot of the attacks are shown coming to the U.S. from other countries (vs. the header image of this blog post, where attacks are everywhere coming from everywhere).
In general, if you look at the red trendline I drew at the bottom of this graphic … well … it feels like we’re just getting started with plenty of hijinx in the coming years to look forward to.
As a global community, we’ve seen an increase of about 100% in DDoS attacks in the last year, and the trend seems to be accelerating.
Why are hackers targeting the security of my website?
Don’t be so flattered. Hackers rarely target a specific website. Those high-profile ones we hear about … Sony, U.S. Government, Ashley Madison … yes, THEY are targeted, and it typically takes some sophisticated hacking of the specific website to get in and wreak havoc.
Most business website hacks come in an automated fashion.
Hackers make programs (e.g. spiders) that crawl the internet from website to website, trying to expose vulnerabilities. When a vulnerability is found, they infect the website. Some infections don’t have an impact for a while (such as spam hacks wherein your website starts to get recognized by search engines for words that have nothing to do with your business) and some can screw things up right away, like file deletions and encryptions.
Why do hackers hack?
- Quick financial gain #1: credit cards & passwords. Hackers are looking to harvest passwords, credit cards, whatever … in order to make some money. This is by far the #1 reason for hackers to hack.
- Quick financial gain #2: Ransomware. Hackers are looking to test your website for vulnerabilities, and once found, they can deploy a program that encrypts all the files on your server. You *cannot* unencrypt them yourself. Then, they ask for payment in Bitcoins.
- Get access to other systems through social login. Once a hacker has access to one part of your digital brand (website, Facebook login, Twitter), they’ll use that access to try and get social logins through links to all the other parts of your digital brand; eventually trying logins for financial systems.
- Ads and Spam. Once infected, spam hacks can start showing unintended ads or pages to your visitors, and drive traffic to other website properties, without you knowing. This also derails your SEO progress, and gives that SEO progress to these other sites.
- Fun. Back in the old days, there was some glory associated with writing a good hack. I don’t think that glory exists anymore, however, but I’m sure there are still those out there that are all like “look at this!” File this under “because we can.”
- Disgruntled employees. A lot of “hacking” is inside jobs. Usernames and passwords are given to others (or used by the employee) to shake things up because the company has treated them unfairly. Similarly, post-it notes of usernames and passwords that are stuck to the side of a person’s monitor in the office are easy targets for everyone else in the office.
- A sense of online justice and/or frustration. Some hackers have a beef to grind and time on their hands. Certainly, those that hacked Ashley Madison feel like they punished the company appropriately … not so much cyber crime as it is cyber vigilantism. Anonymous’s chant of “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.” puts fear into organizations they are “teaching a lesson to.”
- Stealing intellectual property. There’s lots of unprotected gold in them thar hills. Names. Source code. Financial statements. Pictures.
- Stealing computer time. Some hackers want to turn your host computer into a bot, to do their bidding as required, such as DDoS and DoS attacks (Denial of Service). They’ll use your computer (and many others) to simulate LOTS of people targeting a specific website all at once, and since that website can’t handle the volume of traffic, it crashes, rendering it useless.
- Pricks. Plain and simple. Some hackers are just not nice people.
If you’re worried about your website security, of course, we can help. Along with all our marketing, technical and creative services, we check under the hood of your marketing website for vulnerabilities, and actively monitor it over time.
P.S. The running title for this blog post was originally: “How much hacking could a good hacker hack, if they could hack would hack hack?” … 🙂 … but, ah, no. Be careful out there!