Once more unto the breach

According to the latest government statistics, 43% of UK businesses have experienced a cyber breach or attack in the last year alone! This has amounted to over £1 billion stolen through credit card fraud alone. Worse still, many of these breaches could have been avoided with better website security.

Often, when we think of hackers and data thieves, we think of dramatic tales of legendary hacker such as Kevin Mitnick who was convicted of high-profile computer security breaches in the 1990s, or the 15-year old Jonathan James who was convicted of cybercrimes, including the theft of data from NASA. Whilst these cases highlight thefts that are of international importance, they may give you some idea of what a more discreet hacker could accomplish by hacking your website.

What do hackers get out of hacking?

Many people often assume that hacking a website is simply about stealing financial data, but there are many ways and reasons a hacker will access a website. For example, they could:

• Insert redirects so that your traffic is sent to their website to generate revenue for them through an affiliate link
• Steal contact details or access the database to send spam or sell the list to others or set up new credit accounts
• Steal payment details
• Insert malicious software such as viruses which can be used to infect other computers or keyloggers which track activity or collect sensitive data
• Create backdoors to your website to gain higher privileged access to important web server configuration files and potentially gain access to other websites on that same server

In some cases, hackers attack websites for fun, such as using automated tools to exploit site vulnerabilities simply because they exist.

What are the consequences of a breach?

When your site is hacked, the consequences may include:

• Your website no longer being ranked by Google, which can take a long time to build back up again
• Negative reputation and loss of confidence in your business which may result in lost business
• The removal or destruction of data and files, which could also be a big problem if this hasn’t been backed up and may be costly to fix
• Hosting companies closing your account and disabling your website
• Lawsuits from customers if they feel there have been insufficient measures taken to protect them
• Fines from banks following a fraud investigation, if it’s believed the business owner was at fault for not adequately securing their website
• Fines from the ICO are likely to occur following a breach if it is believed to have been avoidable. If you’ve had a breach, you should report it to them and they will advise how to contain it and what steps to take to prevent it from happening again

Unfortunately, hackers are smart. They use sophisticated technology, staying ahead of the police (evading prosecution) and making it much harder to detect a breach or fraudulent activity.

In the next blog of this three-part data breach series, we will be looking at how website security is part of delivering good customer service and why communication following a breach is so important.

If you require any more information, or would like to enquire about website security or Zenplan website maintenance plans, feel free to send me an email at ideas@steveperrycreative.com, call on +44 1782 954282, or follow me on Twitter @stevemarkperry for bite-sized updates.