Types and Tips for Online Security Threats


By Americaneagle.com Chief Technology Officer, Ryan McElrath

There are many common threats against websites today. According to the National Cyber Security Alliance (NCSA) and McAfee, close to one in five Americans report being victimized by a crime that was committed over the Internet. Whether it is a social media website such as Facebook or Twitter, an e-commerce website or a company website, every online platform is vulnerable to security attacks. It’s incumbent upon you to be aware of these types of attacks and make sure you and your hosting company are prepared to handle them. 

While online threats are always evolving, there are a few in particular that are currently popular among hackers:

1. There are Web application attacks where hackers exploit vulnerabilities within the website code or Web server security. Common techniques for this include SQL Injection and Cross-site Scripting. A hacker may use an attack like this to extract sensitive information (like credit card data) or post malware, which is then downloaded by unknowing end users of the site.

2. There are distributed denial of service (DDoS) attacks where hackers attempt to take a website offline by overwhelming it with traffic rather than trying to gain access to sensitive data. Botnets of potentially thousands of infected computers spread out around the world are typically used to launch these types of attacks, which can last for multiple hours or even days. Outages caused by DDoS attacks can result in heavy financial loss, as well as significant damage to a company’s reputation.

3. There are also social engineering attacks where hackers trick humans into giving them privileged information over the phone or via email, which is then used to log into systems without authorization. Phishing is one example: a hacker sends an email that appears to be legitimate and tricks the recipient into typing his or her login/password into a website that resembles the real site. The hacker then uses that login/password to gain access to the real website.

Within the last several years, Sony, LinkedIn, Zappos, Yahoo, the South Carolina Department of Revenue and several major universities have all been victims of security breaches that exposed the personal data of millions of people. Meanwhile, large-scale DDoS attacks have knocked a number of high-profile websites offline, including Bank of America, JP Morgan Chase, MasterCard, NASDAQ, the FBI and the CIA.

With each of these types of security attacks, companies need to be aware that no matter how large or small they are, hackers are constantly looking for weaknesses within websites. 

Below are a few simple tips for reducing the risk of the most common threats. They will pay off tenfold in the long run:

1. Using a Web application firewall (WAF) is a very effective way to help defend your website against application attacks that attempt to extract sensitive data from your site. A Web application firewall sits in front of your website and filters all requests, blocking requests that match the pattern of common attacks such as SQL Injection and Cross-site Scripting. Imperva’s Cloud WAF is an affordable software-as-a-service (SaaS) product for small to mid-enterprise businesses that offers the highest levels of website security without requiring a large equipment investment.

2. A common misconception about distributed denial of service (DDoS) attacks is the idea that your Web hosting provider will be able to stop any attack against your website with the firewalls within their data center. The reality is that these attacks continue to increase in intensity and regularly overrun even the most powerful of firewalls, causing outages for your website. The best defense against these types of attacks is to have protection through a DDoS mitigation provider that can filter requests through their scrubbing centers before the attack reaches your site’s infrastructure. These scrubbing centers allow legitimate traffic to continue through to your website while stopping the attack traffic that is attempting to knock your website offline.

3. Organizations can better protect themselves against social engineering attacks by training employees on security issues and going over specific methods that hackers may use to trick them into giving up personal information. For example, some common techniques used by hackers include acting like an internal employee or pretending that they’re conducting a survey as a way to justify the types of questions they’re asking. It’s important for employees to know that if they’re suspicious of a call or email, they should ask their manager before releasing the information.
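To make tip 1 concrete, here is an added example (not code from the article or from any WAF product) of how a request filter matches incoming parameters against attack patterns, including payloads hidden behind extra URL encoding. The rule names, patterns, and sample URLs are constructed for illustration and are far smaller than a real rule set.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Illustrative signatures (assumption: real WAF rule sets are much broader).
SQLI = (r"['\"]\s*(?:or|and)\s+['\"\w]+\s*=\s*['\"\w]+"
        r"|union\s+(?:all\s+)?select")
XSS = r"<\s*script\b|javascript\s*:|\bon\w+\s*="
RULES = {
    "sql-injection": re.compile(SQLI, re.IGNORECASE),
    "cross-site-scripting": re.compile(XSS, re.IGNORECASE),
}

def normalize(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input hits the same rules."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(url):
    """Return (action, rule, parameter) for one request URL."""
    query = urlsplit(url).query
    # parse_qsl performs the first decode; normalize() handles further layers.
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = normalize(raw)
        for rule, pattern in RULES.items():
            if pattern.search(value):
                return ("block", rule, name)
    return ("allow", None, None)

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        "/products?id=42&sort=price",
        "/products?id=42%27%20OR%20%271%27%3D%271",
        "/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E",
        "/search?q=oracle+and+sql+tutorial",
    ]
    for url in samples:
        print(inspect(url), url)
```

Pattern matching of this kind reduces exposure but does not replace fixing the underlying code, for example by using parameterized queries and output encoding.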

Your organization should create an incident response procedure to be used in the event that your website’s security is breached. As part of the procedure, your organization should notify the necessary authorities regarding the attack. This includes your local FBI office as well as the major credit card associations if card data is exposed during the attack.

About the Author: Ryan McElrath is the chief technology officer of Americaneagle.com, which is a Web design and hosting company based in Park Ridge, Illinois. Some of their 5,000-plus clients include Hobby Lobby, New York Giants, NASCAR, Stuart Weitzman, Garrett Popcorn, Chicago Bears, Abbott Laboratories and the U.S. Army. 

 

 

7 comments

Web Design Firm 03-12-2013 7:17 AM

Ryan, thank you for the great attack descriptions and the solutions to deal with them.

Security Direct 12-03-2013 3:43 AM

These tips are very valuable. I'll follow them to make my website more secure online.

Compuchenna 01-23-2014 12:30 PM

The internet is increasing in popularity every day, so it's expected that criminals would take to the internet to carry out their deeds. I think people should be aware of the risks of buying online and using social media platforms, to an extent, at least. As it will go a long way.

white hat seo services 07-05-2014 3:15 AM

Wonderful illustrated information. I thank you about that. No doubt it will be very useful for my future projects. Would like to see some other posts on the same subject!


beaded medical alert bracelets 07-21-2014 3:30 PM

This is very educational content written well for a change. It's nice to see that some people still understand how to write a quality post!

fashion medical alert bracelets 07-21-2014 3:33 PM

Positive site, where did you come up with the information on this posting? I'm pleased I discovered it though, I'll be checking back soon to find out what additional posts you include.

seo blog uk 11-29-2014 10:23 PM

I really admired reading your website. It had been fine authored and simple to know. In contrast to further blogs I actually have read that are extremely not that good. I also found your posts terribly attention-grabbing. If truth be told after reading, I had to go show it to my friend and he enjoyed it as well.
