Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Top 5 Reasons Your Small Business Website is Under Attack
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Chris Weltzien
Chris Weltzien,
User Rank: Author
9/2/2014 | 6:37:08 PM
RE: Solutions
Hi Joseph -- at 6Scan we provide a free scanning service availble at www.6scan.com/signup. We will identify vulnerabilities and existing website infections and we provide paid remediation services to fix any problems. We try and keep the process as smooth and affordable as possible. Solutions are also available from SiteLock and Sucuri.
JosephL208
JosephL208,
User Rank: Apprentice
9/1/2014 | 9:28:53 AM
RE: Solutions
So, what are the solution? The real soutions? As a small business owner, I don't really have the time to dedicate to protecting my systems especailly given how fast the hacking evolves. Yet, I also can't afford to have my reputation and data compermised. So, what are the solutions?


Capital LookUp - www.capitallookup.com/
RyanSepe
RyanSepe,
User Rank: Ninja
8/31/2014 | 8:37:37 AM
Re: a good read - important for small business owners
Is the reason for why they are typically less vigilant with their bank accounts due to lack of resources? I feel their should be a finance analyst that would track changes to the account on a daily basis.

Also, how come the same fraud measures aren't taken for SMB's?
DarkReadingTim
DarkReadingTim,
User Rank: Strategist
8/29/2014 | 9:25:41 AM
Re: a good read - important for small business owners
A key reason for continued attacks on SMBs is their bank accounts. An SMB can get a significantly larger line of credit than an individual, yet most SMBs don't track their "identities" as closely as individuals do. And oh, by the way, banks don't simply reimburse SMBs for fraudulent charges as they do for individuals.
Biffster
Biffster,
User Rank: Apprentice
8/28/2014 | 3:24:10 PM
Re: How do non-techie small businesses get security advice?
Agreed! Or perhaps Web Hosters should be more proactive in enforcing safe secure website behavior, sorta like the "click it or ticket" campaign for seat belt enforcement. Unsecured sites are the online equivalent of an attractive nuisance that can harm many others.
Whoopty
Whoopty,
User Rank: Ninja
8/28/2014 | 3:15:27 PM
Re: Don't bother without security
A lot of the problems I've found when working with smaller businesses, is there's often a lack of understand not only of security itself, but who to hire to help with it. There are pleenty of freelancers I've worked with who claim to be well versed in Wordpress (or similar CMS) security, only to have them charge for hours of work with little results, or for them to clear out the affected files but not fix the loophole.

Very frustrating for everyone involved. I'd love to see some sort of accreditation that could be earned perhaps that was well known enough that even those unfamiliar with web security at an even basic level could understand and hire the right people. 
Chris Weltzien
Chris Weltzien,
User Rank: Author
8/28/2014 | 3:12:31 PM
Re: Don't bother without security
Great point. With proactive security the cost/benefit analysis focuses on value of the assett being secured. Two examples we see are small companies that service larger customers and small businesses that run transactional models. 

If you serve larger clients (who interact with your site) the cost of being a watering hole -- hacked and infected as a means to attack your larger customers -- can be measured as percentage of the value of your current clients. Also, if the attack became public, competitors would use it to take new business. To stay competitive would then require  marketing to off set the damage. 

On the transactional side the calculation would include lost revenue if your site is blacklisted by browsers or toolbars (Chrome, Firefox, AVG, etc) and the near destruction of all SEO/SEM efforts. Years of optimization can be undone with a single malware detection and it can take months to get it back. 
GonzSTL
GonzSTL,
User Rank: Ninja
8/28/2014 | 2:49:48 PM
Re: Don't bother without security
Unfortunate indeed! Delivery of secure technology, and not just delivery of technology itself, should be a top priority for a business that includes an internet presence as part of their operational and strategic goals. However, without proper communication of the importance of security, organization heads will not place that kind of priority on security. It is therefore imperative that security professionals learn the art of effective business communication if they are to push the security agenda forward. FUD (fear, uncertainty, doubt) based messages have gone the way of the boy who cried wolf. Tough sell though, for a small business that has limited resources to begin with.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
8/28/2014 | 8:00:11 AM
Re: How do non-techie small businesses get security advice?
Or the web hoster should be more proactive about raising the awareness of the small business about potential website security issues that could cause serious damage.
Chris Weltzien
Chris Weltzien,
User Rank: Author
8/27/2014 | 9:57:16 PM
Re: How do non-techie small businesses get security advice?
This rather common -- a small company has a problem with their site but the developer did it as a one-off project and is no longer actively engaged. You make a great point, when hiring a developer companies should ask for an ongoing plan to maintain the security of the site.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0560
PUBLISHED: 2023-01-28
A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...
CVE-2023-0561
PUBLISHED: 2023-01-28
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The expl...
CVE-2023-23628
PUBLISHED: 2023-01-28
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the sett...
CVE-2023-23629
PUBLISHED: 2023-01-28
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard...
CVE-2023-23616
PUBLISHED: 2023-01-28
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...