Types and Tips for Online Security Threats

Posted on

  • email
  • twitter
  • facebook
  • share this

share this


By Americaneagle.com Chief Technology Officer, Ryan McElrath

There are many common threats against websites today. According to the National Cyber Security Alliance (NCSA) and McAfee, close to one in five Americans report being victimized by a crime that was committed over the Internet. Whether it is a social media website such as Facebook or Twitter, an e-commerce website or a company website, every online platform is vulnerable to security attacks. It’s incumbent upon you to be aware of these types of attacks and make sure you and your hosting company are prepared to handle them. 

While online threats are always evolving, there are a few in particular that are currently popular among hackers:

1. There are Web application attacks where hackers exploit vulnerabilities within the website code or Web server security. Common techniques for this include SQL Injection and Cross-site Scripting. A hacker may use an attack like this to extract sensitive information (like credit card data) or post malware, which is then downloaded by unknowing end users of the site.

2. There are distributed denial of service (DDoS) attacks where hackers attempt to take a website offline by overwhelming it with traffic rather than trying to gain access to sensitive data. Botnets of potentially thousands (and thousands) of infected computers spread out around the world are typically used to launch these types of attacks that can last for multiple hours or even days. Outages caused by DDoS attacks can result in heavy financial loss, as well as significant damage to a company’s reputation. 

3. There are also social engineering attacks where hackers trick humans into giving them privileged information over the phone or via email, which is then used to log into unauthorized systems. Phishing is an example of this – this is when a hacker sends an email that appears to be legitimate and tricks the email recipient into typing his or her login/password into a website that resembles the real site. The hacker then uses that login/password to gain access to the real website.

Within the last several years, Sony, LinkedIn, Zappos, Yahoo, the South Carolina Department of Revenue and several major universities have all been victims of security breaches that exposed the personal data of millions of people. Meanwhile, large-scale DDoS attacks have knocked a number of high-profile websites offline, including Bank of America, JP Morgan Chase, MasterCard, NASDAQ, the FBI and the CIA.

With each of these types of security attacks, companies need to be aware that no matter how large or small they are, hackers are constantly looking for weaknesses within websites. 

Below are a few simple tips on how to reduce the risk of the most common threats that will pay tenfold in the long run: 

1. Using a Web application firewall (WAF) is a very effective way to help defend your website against application attacks that attempt to extract sensitive data from your site. A Web application firewall sits in front of your website and filters all requests, blocking requests that match the pattern of common attacks such as SQL Injection and Cross-site Scripting. Imperva’s Cloud WAF is an affordable software-as-a-service (SaaS) product for small to mid-enterprise businesses that offers the highest levels of website security without requiring a large equipment investment.

2. A common misconception about distributed denial of service (DDoS) attacks is the idea that your Web hosting provider will be able to stop any attack against your website with the firewalls within their data center. The reality is that these attacks continue to increase with intensity and regularly overrun even the most powerful of firewalls, causing outages for your website. The best defense against these types of attacks is to have protection through a DDoS mitigation provider that can filter requests through their scrubbing centers before the attack reaches your site’s infrastructure. These scrubbing centers allow legitimate traffic to continue through to your website while stopping the attack traffic that is attempting to knock your website offline. 

3. Organizations can better protect themselves against social engineering attacks by training employees on security issues and going over specific methods that hackers may use to trick them into giving up personal information. For example, some common techniques used by hackers include acting like an internal employee or pretending that they’re conducting a survey as a way to justify the types of questions they’re asking. It’s important for employees to know that if they’re suspicious of a call or email, to ask their manager before releasing the information.

Organizations should create an incident response procedure to be used in the event that your website’s security is breached. As part of the procedure, your organization should notify the necessary authorities regarding the attack. This includes your local FBI office as well as the major credit card associations if card data is exposed during the attack.

About the Author: Ryan McElrath is the chief technology officer of Americaneagle.com, which is a Web design and hosting company based in Park Ridge, Illinois. Some of their 5,000-plus clients include Hobby Lobby, New York Giants, NASCAR, Stuart Weitzman, Garrett Popcorn, Chicago Bears, Abbott Laboratories and the U.S. Army. 

 

 
 : Expand your reach with $50 in free ads when you sign up with Bing Ads :


Login To Comment


Become a Member

Not already a part of our community? Sign up to participate in the discussion. It's free and quick.

Sign Up

20 comments

Web Design Firm 03-12-2013 7:17 AM

Ryan thank you for the great attack descriptions and the solutions to deal with them.

Security Direct 12-03-2013 3:43 AM

These tips are very valuable I'll follow them to make more security of my website online.

Compuchenna 01-23-2014 12:30 PM

The internet is increasing in popularity every day, so it's expected that criminals would take to the internet to carry out their deeds. I think people should be aware of the risks of buying online and using social media platforms, to an extent, at least. As it will go a long way.

white hat seo services 07-05-2014 3:15 AM

Wonderful illustrated information. I thank you about that. No doubt it will be very useful for my future projects. Would like to see some other posts on the same subject!

<a href='http://www.ineedseo.org/' target='_blank'>white hat seo services</a>

beaded medical alert bracelets 07-21-2014 3:30 PM

This is very educational content written well for a change. It's nice to see that some people still understand how to write a quality post.!

fashion medical alert bracelets 07-21-2014 3:33 PM

Positive site, where did u come up the information on this posting? I'm pleased I discovered it though, ill be checking back soon to find out what additional posts you include.

seo blog uk 11-29-2014 10:23 PM

I really admired reading your website. It had been fine authored and simple to know. In contrast to further blogs I actually have read that are extremely not that good. I also found your posts terribly attention-grabbing. If truth be told after reading, I had to go show it to my friend and he enjoyed it as well.

www.amazon.com 03-08-2015 3:47 AM

It will be ideal to say that you accompanied great elegantly composed articles.

crystal X 03-11-2015 4:00 PM

Really decent post. I simply unearthed your site and wished to say that I've truly delighted in searching your blog entries.

iherb coupon code 03-14-2015 3:35 PM

I will impart it to my companions and add this site to my bookmark records! Much obliged for offering. Awesome Websites!

Amazon.com 03-16-2015 9:46 AM

I like it a considerable measure. I truly like the way you begin and finish up your considerations. Much thanks to you such a great amount for this data.

do yorkies shed 03-17-2015 9:55 AM

I was looking for something like this…I found it quiet interesting, hopefully you will keep posting such blogs.

iTune Error 7 03-24-2015 10:06 PM

This becomes more of an issue when you have something you want and need to protect online, like a valuable piece of virtual real estate.

Quantum Vision System Review 04-05-2015 6:40 AM

This is extremely decent to see this online journal and its truly enlightening for the perusers. Simply need to say I certainly see the substance of this I attempted to discover today.

assignment writing service UK 04-08-2015 4:03 AM

This was a truly remarkable post. In principle I'd like to form like this as well - requiring significant investment and genuine push to make a strong article.

assignment writing service UK 04-08-2015 4:04 AM

This was a truly remarkable post. In principle I'd like to form like this as well - requiring significant investment and genuine push to make a strong article.

tips on finding your passion 04-08-2015 3:27 PM

I have clarify all the remarks and recommendations posted by the guests for this article are exceptionally good,We will sit tight for your next article soonly.

clash of kings hack apk 04-12-2015 5:30 AM

I am trying to taking a shot at a school investigate this subject and your post has helped me with the data I expected to finish it

music creation software 04-14-2015 3:28 AM

I am exceptionally cheerful to peruse this article.thanks for issuing us this helpful data. Fabulous stroll through.

chaturbate token hack 04-15-2015 11:15 AM

I agree with your decisions and will avidly anticipate your future updates..Everything in this post is marvelous!

Add to the discussion!

999 E Touhy Ave
Des Plaines, IL 60018

Toll Free: 1.800.817.1518
International: 1.773.628.2779
Fax: 1.773.272.0920
Email: info@websitemagazine.com

Facebook


Twitter