If you are looking at this post right now, is that you are definitely thinking about securing your website, or at least you are looking for a reason that will motivate you to invest in such a thing. So let me give you 10 reasons why website security is an important aspect of the success of any business and why you should think seriously about it before it gets hacked.
Obviously, this is the first reason that pushes many people to think about securing their websites. Not securing your website could put your business in danger regarding international laws. Let’s start with one of the most known regulations in Europe, the GDPR, if a business does not put in place the needed systems and procedures to secure their client’s data and it gets hacked, then it will be subject to any legal penalties. Those penalties could go from 10 million euros to 2% of its entire global turnover.
Which is the case of big companies will be a disaster and could lead to bankruptcy. In 2020 only, the amount of fines paid by companies in Europe have reached 185,033,977 € according to enforcementtracker database.
HIPAA for example, the penalties can go from 100$ to 50000$ per violation in a case where a violation was made due to constituting willful neglect and no attempt has been made to correct the violation. In 2018 only, the amount of monetary penalties for healthcare organizations have reached 28.7 Million dollars.
So imagine yourself or your company in such a law pursuit situation or with such amount of penalties to pay. That would not be a situation you may want to be in. So think about it … just by investing a small amount of money and time on some security system, you will protect yourself first from a law pursuit even if you got hacked, and your will protect your clients.
As we all know, data is the gold of the internet. Imagine that one day you get to your company office, you open your computer and you try to reach your website and nothing happen … you call your system admin and he told you that you were the victim of a ransomware attack that exploited some kind of a vulnerability in the website. In addition, all your databases are encrypted forever. How would you feel in this situation? Trust me this is not some kind of science fiction film.
Two years ago, a client that has 5 years of accounting database encrypted in a hard drive reached me to help him recover his data. Fortunately, I was able to find a vulnerability in the ransomware that attacked him and I was able to get back the data. However, in most cases, this is not doable, and once the ransomware encrypts your data … there is not hope to get it back.
Securing your data and your client data should be the number one most critical aspect of your business. You must not be complacent in protecting them with all what you’ve got as your business success is based on it.
The most affected part of the business when a data breach happens is mainly the brand image. Let’s be honest if tomorrow you hear some of the most known websites where you perform most of your online shopping has been hacked and a lot of credit card information has been stolen, would you make any purchase from it again?
Trust me, 100% of people that I have asked them this question have responded NO. Moreover, that is very normal, how can someone trust a company that does not take care of its most valuable client’s data.
A study performed by IBM in 2018, has proved this in more companies that experienced a data breach have lost customers. The same research proves that those who had implemented some kind of security best practices and recommendation was able to reduce the impact of an inevitable data breach while reducing.
You may say that security is not perfect and that there is no such 100% secure system and the data breach can happen to anyone even if he has the most secure systems in the world and Facebook is the best example for that. However, according to the same IBM study, companies that put in place programs to secure their systems, are able to significantly reduces the time to identify, the time to contain the data breach incident, and the cost of the data breach.
Obviously, losing clients mean a drop in revenue. According to a study performed by Vistage and cisco, 60 percent of small and midsize businesses go out of business after six months of being a victim of a cyber-attack. Moreover, a company can experience a complete loss of data, extended periods of system downtime, and financial losses that exceed $500,000
If we take a simple example like amazon, what would happen if his website goes down for 1 hour only? did you have ever thought about that? According to an article written by the famous magazine Forbes, amazon would lose about, 4 million dollars every hour, if their website goes down for only one hour.
This means it is much better to invest that money on making your website much more secure, rather than losing it on fixing things and rescuing your brand name.
If you think that, all that black hat hackers do is defacing your website and leaving some kind of slogans then you will be definitely wrong. That is something you would hear about in the nineties where black hat hackers were hacking websites for fun. Today, things have changed and most black hat hackers try to penetration systems to get as much money as possible from it in any possible way.
Let me give you some examples of how would that happen. In the last 10 years, we started to hear more about Bitcoin and how its price is getting higher fast. Therefore, five years ago hackers have started to put miners in the server once they get into it, to start earning bitcoins while using the resources of their hacked websites. This action will push you to think that you need to get more resources to make your website faster and so on. Then you will start to lose your money to help the hacker.
One more example and the most popular one, in general when a good hacker gets into your system by exploiting a vulnerability in your app, he tries to do what we call persistence. It means that he will do everything he could to keep that access even if you reboot the system or patch that vulnerability in the future. Therefore, to do that, they put what we call backdoors in the system or your app, which makes their detection way more difficult.
By having that level of access to your system and of course your source code, the hacker may start to modify your bank credentials to start forwarding money to him.
To explain this point I think the best thing I can do is to explain the process of each one of them. When I talk about prevention, I mean you will perform some penetration testing and you may buy some security solutions to enhance your security.
However, in the cleaning process you need to perform these things one after another to ensure that your website is not more compromised:
The number one reason that leads to the website being blacklisted by Google or any other company is being hacked. Why simply because one of the most recent black hat hackers monetization techniques is to inject their ad networks into some malicious mobile applications and use the hacked website as a backend to receive and control those apps.
Once they get discovered by google or apple or any other company the first thing they do is extracting the IOC (where the hacked domain name is one of them) and then they blacklist them to be quickly get detected by other firewalls and robots.
Now to fix this, it will take you a long time to do so, and trust me it is a situation that no one wants to get into it. I have worked with people that were in this situation and trust me … it is very difficult to gain a client’s trust once you get there.
What I actually want the reader to understand from this article, is that investing in securing your website contributes to creating business value. In addition, website security help increasing the market value because of stakeholder perception. It increase also customer satisfaction because of better availability and assurance.
If you ask anyone around you this question, and I have already tried my self:
If you find your product on Amazon and in another website with the same specifications, price, and same client support …, which one of them would you choose?
100% of the people that I have asked them this question have responded that they will choose amazon for the same reason … WE TRUST AMAZON MORE. This trust comes from years of hard work, in terms of cybersecurity and customer support.
You are not convinced? Then try to ask people why they are subscribing and working with PayPal each time they want to do shopping 😉
That’s definitely one of the most critical reasons why you may think about securing your website. This is most likely to be applied to companies that own web applications, where they’ve put a lot of work to make them happen. Leaking the source code of software that costs millions, will certainly be a disaster for the company that owns it. It just means that they can no longer make money from selling it until they perform a very big change on it that will push people to buy it.
In 2018, a bug bounty hunter was able to leak a Snapchat source code. Snapchat shares have dropped by 3.4% the day after the breach got public. In 2011, a hacker team was able to leak the source code of the RSA SecureID product that is used to add layers of security into the login process of the company network and apps. The cost of this breach has reached 66 million dollars in terms of replacing the physical tokens.
On the worldwide web, there are many kinds of vulnerabilities that could be exploited to make that happen. From as simple as a cross-site scripting vulnerability to a remote code execution one.
Securing your web application will help you reduce the risk for such thing to happen
For one last reason, website security is becoming a ranking factor for Google. As you know, Google is investing a lot of money in securing its system for a better and secure client experience. According to them, this investment has shown some awesome results (as I have already mentioned in the other points :p ) so they are now trying to make it general and trying to make the web much more secure.
Google is trying to push webmasters to start adopting HTTPS as a default communication system between their backend and the client browser. For those who do not know, HTTP is an insecure communication protocol, all the data that your clients are sending to you could be easily read by anyone in the network. To fix this design problem, HTTPS adds a layer of encryption in the HTTP protocol to secure it.
I hope you are now more convinced that securing your website should be your number one concern of course after business success. Trust me I am not writing this article because I offer such consulting service here, you can buy this service from anyone you want. I have written this article because I have seen many people underestimate the value of security and see it as a blocking component in business progress.
I hope by finishing this article you have now a much better view about this subject. Good luck and stay safe.
I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).
Along with my whole experience in penetration testing, every time I start a new mission I always ask my clients this question. What type of penetration test do you need ...
Undoubtedly, ChatGPT stands out as one of the most remarkable inventions of 2021. Its wide-ranging capabilities and applications have opened up endless possibilities for human interaction and problem-solving. Furthermore, certain [...]
Post comments (0)