Most businesses are aware that a spam filter and antivirus program are not all they need to protect themselves from the constantly evolving landscape of cybersecurity threats. Knowing just what a comprehensive security stance entails, however, is far less obvious. Comprehensive web security includes a full suite of tools to protect against malware infections, data breaches, and service disruptions. It protects the server, network, and email system. It includes advanced technologies like a web application firewall and involves proactive steps like vulnerability scanning.
But what do you do when something goes wrong? A click on the wrong email that leads to malware or a plug-in vulnerability that leads to a hacked webpage means that preventative measures are not enough, in that particular case. In order to minimize the damage caused by a security breach, a proactive web security stance has to be adopted ahead of time, including services and tools for mitigation, and a disaster recovery plan.
A major but often overlooked part of comprehensive cybersecurity protection is a remediation service. There is never time during a cybersecurity incident to search out an effective malware removal tool, for instance.
Organizational preparation is another important part of a complete, proactive cybersecurity posture. That means having the right tools, but also maintaining a minimum threshold of threat awareness. To assist with that awareness, consider the list below of the top five most common web security problems faced by businesses, and how to fix them.
1. Code Injection
Hackers are sometimes able to exploit vulnerabilities in applications to insert malicious code. Often the vulnerability is found in a user text input field, such as a username field, where an SQL statement is entered and then run on the database, in what is known as an SQL Injection attack. Other kinds of code injection attacks include shell injection, operating system command attacks, script injection, and dynamic evaluation attacks.
Attacks of this type can lead to stolen credentials, destroyed data, or even loss of control over the server. They are also surprisingly common, as the OWASP (Open Web Application Security Project) Foundation ranks code injection first in its Top 10 Application Security Risks.
There are two ways to prevent code injection: avoiding vulnerable code and filtering input. Applications can guard against vulnerable code by keeping data separate from commands and queries, such as by using a safe API with parameterized queries. Businesses should also use input validation, and observe the principle of least privilege, applying controls like the SQL LIMIT clause to reduce the damage from a successful attack. A Web Application Firewall (WAF) which updates a threat database in real-time is the only effective way to filter application input to protect against code injection.
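The contrast between splicing user input into a query and binding it as a parameter, as an added example that is not from the original article or from Liquid Web; the in-memory SQLite table, the usernames in it, and the sample inputs are all constructed for illustration:

```python
import re
import sqlite3


def make_db():
    # Constructed sample data: an in-memory users table, not a real system.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable: the user-supplied string becomes part of the SQL text, so any
    # quotes or keywords it contains are parsed by the database as SQL.
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    # Hardened: the value is sent as a bound parameter, never as SQL text, so it
    # can only match a username literally. LIMIT 1 caps what one lookup can
    # return, which bounds the damage if the query is ever misused.
    sql = "SELECT username FROM users WHERE username = ? LIMIT 1"
    return [row[0] for row in conn.execute(sql, (username,))]


# Allowlist for the username field (an assumed policy for this example).
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def lookup_validated(conn, username):
    # Defence in depth: input validation rejects anything that is not a
    # plausible username before it reaches the database at all.
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed sample input, the textbook SQLi string
    print("vulnerable:", lookup_vulnerable(db, crafted))      # every user leaks
    print("parameterized:", lookup_parameterized(db, crafted))  # no match
```

Run it to see the same input return every row through the string-built query and nothing through the parameterized one.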
2. Data Breach
The cost of data breaches is well documented. They are often caused by compromised credentials, but the range of other common causes includes software misconfiguration, lost hardware, and malware (more on that below). The Breach Level Index indicates there were 944 known data breaches in the first half of 2018 and nearly 2,000 in 2017.
Data breach prevention requires a range of good practices. Site traffic and transactions should be encrypted with SSL, permissions should be carefully set for each group of users, and servers should be scanned. Employees should be trained in how to avoid being caught by phishing attacks, and how to practice good password hygiene. The principle of least privilege is worth noting here, as well.
In the event that your business discovers a potential data breach, you may face legal or compliance requirements for notifying customers or regulatory authorities. Disclosure requirements and strategies should be determined ahead of time so that the maximum amount of organizational resources can be dedicated to making sure that no more data is stolen as well as repairing the damage caused. Once the attack vector has been blocked, a comprehensive incident investigation should be conducted, and the network scanned to make sure all vulnerabilities have been identified and closed off.
3. Malware Infection
Most businesses are aware on some level of the security threat posed by malware, yet many people are unaware that email spam is still the main vector of malware attack. According to the Ponemon Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Business (SMB) report, 36 percent of SMBs experienced malware attacks that year.
Because malware comes from a range of sources, several different tools are needed for preventing infection. A robust email scanning and filtering system is necessary, as are malware and vulnerability scans. As with breaches, which are often caused by malware infection, employee education is vital to keep businesses safe from malware.
Any device or system infected with malware must be thoroughly scrubbed, which means identifying the hidden portions of code and deleting all infected files before they replicate. This is practically impossible by hand, so it requires an effective automated tool.
4. Distributed Denial of Service Attack
A Distributed Denial of Service (DDoS) attack generally involves a group of computers being harnessed together by a hacker to flood the target with traffic.
A NETSCOUT Arbor report suggested there were 7.5 million DDoS attacks in 2017; while many target IT service providers, they are still more prevalent than many people realize. One of the most worrying aspects of DDoS attacks for businesses is that a business can be affected without even being targeted, simply by sharing the same server, service provider, or even network infrastructure as the target.
If your business is caught up in a DDoS attack, put your disaster recovery plan into effect, and communicate with employees and customers about the disruption. A security tool such as a WAF is used to close off the port or protocol being saturated, in a process which will likely have to be repeated as attackers adjust their tactics.
Ultimately, service is best restored with a content distribution network (CDN) like CloudFlare, which can absorb an enormous impact while identifying and then filtering out malicious traffic. Make sure to also look for DDoS protection with real-time monitoring for comprehensive mitigation of attacks.
5. Malicious Insiders
This last threat is uncomfortable to think about, but common enough to require serious consideration: the 2017 U.S. State of Cybercrime Highlights report from CERT shows that one in five attacks is committed by insiders.
Preventing damage from insider attacks is largely about limiting the amount of access a malicious insider has. This means setting logical access control policies to implement the principle of least privilege (but you have that covered by now, right?), and monitoring the network with audit and transaction logs. A solution like Liquid Web’s custom Malicious Activity Detector (MAD) will also guard against threats both from within and outside the organization.
If a malicious insider attack is detected, the insider’s access privileges should immediately be revoked. That done, the police should be contacted to prevent that person from carrying out further actions that could damage the business, such as selling stolen data.
Part of the challenge for business cybersecurity is maintaining and using the full set of tools necessary for keeping up with the changing threat landscape. As IoT botnets, cryptomining malware, and other emerging threats evolve, it is increasingly unrealistic for organizations to keep up on their own. Being prepared remains critically important to maintaining business operations and productivity, however. By selecting a comprehensive, proactive security and remediation service and planning ahead, you can be reasonably assured that your business will meet any security challenges it might face.