Security should be your number one priority if you are doing anything online

Posted by: cnielsen

Experts in the field anticipate cyber-crime in 2012 could rise as high as 7000% from 6 years ago

Wow, the more we learn about web security these days and the capabilities of hackers, the more we are in awe! So many folks do not adequately protect their web assets from even the many common or well-known threats and vulnerabilities, let alone the even more dangerous cyber criminals who could completely steal your identity and milk your bank accounts.

In a recent security audit we found that if you are not protected with a tool like Secure Live (www.securelive.net) and other server-side security monitoring solutions, hackers can find ways to penetrate the deepest levels of your server environment by installing stealth scripts that allow them to do just about anything they want with your data and any other data stored on the server. These scripts can be buried layers deep in directories that you would never find and could go virtually undetected, allowing the hacker to leverage your server for a variety of exploitations.

This is serious stuff folks!
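One server-side check for the buried scripts described above is to compare the web root against a known-good baseline of file hashes. The Python below is an added example, not part of the original post or of any product it names; the directory names, file extensions and the constructed sample tree are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml", ".phar"}  # assumption: a PHP site such as Joomla
STATIC_DIRS = {"images", "tmp", "cache"}   # assumption: dirs that should hold no scripts


def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()  # skip symlinked files
    }


def compare(baseline, current):
    """Diff two snapshots and flag scripts under static-content directories."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in current
                          if p in baseline and current[p] != baseline[p]),
        "script_in_static_dir": sorted(
            p for p in current
            if Path(p).suffix.lower() in SCRIPT_EXTS
            and p.split("/")[0] in STATIC_DIRS),
    }


def demo():
    """Constructed site tree: take a baseline, then plant one file four
    directories deep and edit another, and return what the diff reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        deep = root / "images" / "a" / "b" / "c"
        deep.mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'home';")
        (root / "images" / "logo.txt").write_text("constructed placeholder")
        baseline = snapshot(root)
        (deep / "thumb.php").write_text("<?php /* constructed placeholder */")
        (root / "index.php").write_text("<?php echo 'home'; // edited")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Keep the baseline somewhere the web server account cannot write; otherwise whoever plants a file can update the baseline as well.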

Stats on cyber-crime over the past 6 years:

  • 2008 - 2009 +22%
  • 2009 - 2010 +56%
  • 2010 - 2011 +726%
  • 2011 - 2012 +2965% at a cost of 216.7 billion dollars
  • Competitors and disgruntled employees make up over half of the cyber-attack sources

These are not just kids anymore having fun by putting up a picture of a penguin on your index page just because they can… to be cool in some underground community. Let’s say that your web site gets hacked by someone who could access the entire server or, even worse, a whole cloud environment where they could download databases with credit card numbers and other personal information. Maybe you are doing all of the right things to protect folks from getting into your web site from the front end, but what if someone came in from the server back door any time they wanted, and they were able to get in, take what they wanted and then get out again without you or anyone else even knowing about it? What if a hacker found out about this open door into your site and broadcast it to every other hacker on the internet? Can you imagine not only how vulnerable you could be yourself but how vulnerable you could make your customers if you do not take adequate steps to protect their trust in you?

I used to work for a government contractor and achieved a security clearance because it was required for the information and content I was exposed to. When you are working with highly sensitive or confidential data, the importance of security is driven into you in a way that the process of proactive protection has to become a natural reflex. They do this by constantly keeping you alert, and they require annual refresher courses just so this stays at the top of your thought process. It actually is everyone’s responsibility to protect and be on the lookout.

In the commercial world I think this attention to creating a proactive culture for security can get diverted by economic conditions or other priorities at a given moment. There is usually not a specific protocol to follow nor consistent training available, especially in smaller and mid-sized companies. In addition, many folks do not know the right questions to ask, nor do they fully understand the technology or the consequences, and thus leave themselves vulnerable to the whims of a crafty cyber hacker. Since over half of cyber threat activity comes from your competition or former employees, you need to take proactive security measures offline as well.

Locking down open source web environments:

In our little corner of the world with Joomla, Drupal and other open source technologies, we have to pay special attention to this and try to share as much available information as we can to inform our customers on best practices for protecting their investments, as well as how they can be the most proactive with security.

What can you do?

  1. Make sure you work with a technical support team that is proactive about security.
  2. Stay in the loop on the latest trends and vulnerabilities.
  3. Learn to ask the right questions and make them habits.
  4. Train your team and establish protocols and procedures to follow.
  5. Keep your web applications up to date.
  6. Use SecureLive to monitor and lock down your web portals.
  7. Never let security slip from the top of your priority list.

Remember, a hacker is like a cancer: if you catch it in time you can prevent it from spreading or getting beyond control, but you must completely remove it once it is discovered and make sure you monitor your vulnerability while keeping health-conscious habits. However, the best defense is always prevention.

There are many sites online you can review to stay up on this, and I recommend a few Google searches to explore the available information online, but here is a good web site to monitor for security breaches that you can proactively respond to:

http://www.exploit-db.com/webapps/

In addition, open source projects like Joomla! CMS have a whole team dedicated to security. We post an RSS feed directly from Joomla in our news section on www.joomladesignservices.com and try to get timely notifications out to our clients with required actions and recommendations.
