Cybersecurity is important and a great concern for every business represented on the web. Actually, cybersecurity is important for any user who enters the Internet, so for serious companies it’s especially vital. That’s why we have previously written about the main things you should know about Drupal website security, as well as tips on how you can ensure it. In today’s article we will mention cyber threats which are currently very widespread. We will also suggest tips to you to help you be prepared for those threats and avoid cyber attacks.
The biggest cybersecurity threats of 2017
Ransomware is the act of blocking victim's access to their data or threatening to make secret information public or deleted until a demanded ransom is paid. 2017 SonicWall Annual Threat Report showed that ransomware attacks had recently bounced from 3.2 million in 2014 and 3.8 million in 2015 to 638 million in 2016.
There are various ways criminals can penetrate the software. It can be RaaS (Ransomware-as-a-Service), bespoke ransomware from the dark web, or “locky.” The last one looks like a Word document that asks user to enable macros. After enabling, Locky scrambles all the victim’s files, including Office files, images, videos and so on.
Phishing is an attempt to obtain passwords, usernames, credit card details and other sensitive info. According to Wombat 2017 State of the Fish, 44% of organizations have experienced phishing through SMS messaging (smishing) and phone calls (vishing). Hackers also can send fraudulent emails from trusted accounts or from individual staff members.
61% reported experiencing spear phishing, which is more targeted attack type. Spear phishers gather information on key people among company staff in order to create more personalized, and thus more convincing, e-mails to inspire target users give confidential data voluntarily.
Malvertising or malicious advertising is a way to spread malware through online ads. Modern techniques allow it to bypass ad-blocking apps and display ads without the user’s permission to make arbitrary code become executed. RiskIQ 2016 Malvertising Report showed there has been a 132.6% increase in total malvertisements in 2016 compared to 2015.
7 tips to prevent hacker attacks and enhance web security:
- Create reliable backups and backup your data to a secure location every day, or even every hour. It’s better to use a few backups or a few backup systems. This will help your data recover even when you do get hacked.
- Switch from HTTP to HTTPS with site-wide SSL (Secure Sockets Layer) or TLS (Transport Layer Security). This protocol was designed to secure communication and save private data exchanged between a user and a server.
- Update to the latest version Keeping your website up to date means improved functional features which provide you with better security.
- Do a website security audit to check for vulnerabilities regularly, and patch detected website weaknesses.
- Monitor your uptime and downtime in order to be able to react as fast as possible in cases when your site is down.
- Secure your company’s social media accounts to avoid them being compromised.
- Don’t download unverified files, documents, attachments or apps. Don’t click on unknown links, ads, sites and so on.
We hope this article was useful for you. If you have any questions, feel free to contact our IT-specialists.