Is your website at risk?
Although many cyberattacks are the equivalent of a thief trying car doors until they find one unlocked, some cyber criminals are extremely organised. When a website patch is announced, criminals can check their lists of websites and quickly identify vulnerable websites.
Their aim is simple – to breach them before administrators install the updates. It can be a race against time, as this real-life story illustrates…
A matter of chance
When a new member of the team started work for one of our clients, they were asked to spend part of their first day looking through the company’s website to familiarise themselves with the services provided by the organisation. Fortunately, rather than entering the URL direct, they attempted to access the site through the Google listing.
They were surprised to find that the company information in Google linked to a pop up that informed them that they had been selected by their internet provider as a winner of a promotional contest! All they needed to do was to select a prize and enter their details so the gift could be sent to them. The savvy new starter realised that the firm’s website had been compromised and raised the alarm. The company’s outsourced web team was immediately tasked with establishing the nature of the breach and reinstating the website, before any more damage could be done.
Restoring the website
The web team needed to restore the site as quickly as possible. Fortunately, back-ups were regularly taken and tested as part of the firm’s Cyber Essentials certification. The most recent back-up had been taken just one day before the compromise. Tests showed that the back-up was uncompromised, so this version of the site was uploaded. Once complete, any content added since the last back-up was manually added to the site. In all, the site was only offline for four hours and the total cost of restoring the site was £380.
Changing user account passwords
All user account passwords were also changed as a precaution.
Identifying the compromise
Upon further investigation, the web team established that a ‘plug in’ (a bit of code to provide functionality) used on the site had been compromised. Our client had been the victim of a ‘zero day’ compromise – i.e. the vulnerability was exploited by the hacker before the developers of the plug in had identified the weakness and developed a fix to resolve it.
The cost of not having back-ups
This may not sound like a cautionary tale as restoring the site was relatively inexpensive and easy to do. However, if the site had not been backed up, the web team would have had to commit to a lengthy 12 step process including manually working their way through the site to remove unwanted files and checking logs for malicious activities. This would have resulted in a far lengthier period of downtime – estimated as days rather than hours. Accordingly, the cost of the remediation would have been considerably higher – into the thousands, plus, if it had been an ecommerce site, the company would have lost sales.
If the site had been reinfected after relaunch, the services of a specialist would have been required, adding even more cost and causing more disruption.
The value of cyber insurance
Luckily for our client, their back-up was uncompromised. However, even if it had been compromised, they were in the fortunate position of having cyber insurance which would have covered the costs of getting the website back up and running again. When we helped them review the incident with a view to identifying lessons to be learned, they decided that there was nothing that they would have done differently – all their processes had worked.
Six ways to reduce risks of website compromise
- Run your site on a SSL (Secure Socket Layer) certificate as this encrypts information such as debit or credit card details
- Ensure patches are applied as quickly as possible (under Cyber Essentials, administrators have 14 days to install patches, but we always recommend installing them as quickly as possible)
- Use anti-malware software to identify and prevent malicious attacks
- Remove any user accounts which are not required
- Ensure staff know to flag up anything ‘strange’ on the website whether noted themselves or reported by customers
- Make sure that any user passwords are hard to crack and aren’t shared between users. Even better, find out if your website Content Management System supports 2-factor authentication.
Don’t forget, if the worst happens, having regular back-ups and a log of changes made between back-ups will help you restore your website, protect potential visitors and safeguard your reputation.
Improving your cyber security
No business is safe from attack. We can help you develop a cyber secure culture and achieve the standards required for certification to Cyber Essentials, Cyber Essentials Plus, IASME and ISO27001. Please contact us for more details.