Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Top 5 Reasons Your Small Business Website is Under Attack
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Chris Weltzien
Chris Weltzien,
 User Rank: Author
9/2/2014 | 6:37:08 PM
RE: Solutions
Hi Joseph -- at 6Scan we provide a free scanning service availble at www.6scan.com/signup. We will identify vulnerabilities and existing website infections and we provide paid remediation services to fix any problems. We try and keep the process as smooth and affordable as possible. Solutions are also available from SiteLock and Sucuri.
JosephL208
JosephL208,
 User Rank: Apprentice
9/1/2014 | 9:28:53 AM
RE: Solutions
So, what are the solution? The real soutions? As a small business owner, I don't really have the time to dedicate to protecting my systems especailly given how fast the hacking evolves. Yet, I also can't afford to have my reputation and data compermised. So, what are the solutions?


Capital LookUp - www.capitallookup.com/
RyanSepe
RyanSepe,
 User Rank: Ninja
8/31/2014 | 8:37:37 AM
Re: a good read - important for small business owners
Is the reason for why they are typically less vigilant with their bank accounts due to lack of resources? I feel their should be a finance analyst that would track changes to the account on a daily basis.

Also, how come the same fraud measures aren't taken for SMB's?
DarkReadingTim
DarkReadingTim,
 User Rank: Strategist
8/29/2014 | 9:25:41 AM
Re: a good read - important for small business owners
A key reason for continued attacks on SMBs is their bank accounts. An SMB can get a significantly larger line of credit than an individual, yet most SMBs don't track their "identities" as closely as individuals do. And oh, by the way, banks don't simply reimburse SMBs for fraudulent charges as they do for individuals.
Biffster
Biffster,
 User Rank: Apprentice
8/28/2014 | 3:24:10 PM
Re: How do non-techie small businesses get security advice?
Agreed! Or perhaps Web Hosters should be more proactive in enforcing safe secure website behavior, sorta like the "click it or ticket" campaign for seat belt enforcement. Unsecured sites are the online equivalent of an attractive nuisance that can harm many others.
Whoopty
Whoopty,
 User Rank: Ninja
8/28/2014 | 3:15:27 PM
Re: Don't bother without security
A lot of the problems I've found when working with smaller businesses, is there's often a lack of understand not only of security itself, but who to hire to help with it. There are pleenty of freelancers I've worked with who claim to be well versed in Wordpress (or similar CMS) security, only to have them charge for hours of work with little results, or for them to clear out the affected files but not fix the loophole.

Very frustrating for everyone involved. I'd love to see some sort of accreditation that could be earned perhaps that was well known enough that even those unfamiliar with web security at an even basic level could understand and hire the right people. 
Chris Weltzien
Chris Weltzien,
 User Rank: Author
8/28/2014 | 3:12:31 PM
Re: Don't bother without security
Great point. With proactive security the cost/benefit analysis focuses on value of the assett being secured. Two examples we see are small companies that service larger customers and small businesses that run transactional models. 

If you serve larger clients (who interact with your site) the cost of being a watering hole -- hacked and infected as a means to attack your larger customers -- can be measured as percentage of the value of your current clients. Also, if the attack became public, competitors would use it to take new business. To stay competitive would then require  marketing to off set the damage. 

On the transactional side the calculation would include lost revenue if your site is blacklisted by browsers or toolbars (Chrome, Firefox, AVG, etc) and the near destruction of all SEO/SEM efforts. Years of optimization can be undone with a single malware detection and it can take months to get it back. 
GonzSTL
GonzSTL,
 User Rank: Ninja
8/28/2014 | 2:49:48 PM
Re: Don't bother without security
Unfortunate indeed! Delivery of secure technology, and not just delivery of technology itself, should be a top priority for a business that includes an internet presence as part of their operational and strategic goals. However, without proper communication of the importance of security, organization heads will not place that kind of priority on security. It is therefore imperative that security professionals learn the art of effective business communication if they are to push the security agenda forward. FUD (fear, uncertainty, doubt) based messages have gone the way of the boy who cried wolf. Tough sell though, for a small business that has limited resources to begin with.
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
8/28/2014 | 8:00:11 AM
Re: How do non-techie small businesses get security advice?
Or the web hoster should be more proactive about raising the awareness of the small business about potential website security issues that could cause serious damage.
Chris Weltzien
Chris Weltzien,
 User Rank: Author
8/27/2014 | 9:57:16 PM
Re: How do non-techie small businesses get security advice?
This rather common -- a small company has a problem with their site but the developer did it as a one-off project and is no longer actively engaged. You make a great point, when hiring a developer companies should ask for an ongoing plan to maintain the security of the site.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...