Understanding the threats to your website security (and what to do about it)
We’d been planning on writing this blog for a while but now, the week after the actual internet got hacked, it seems like an ideal time to focus on website security. You may think that I’m exaggerating when I say the internet got hacked but, no, this actually happened and it broke the internet because targeting one thing brought down Twitter, Reddit, Spotify, Etsy, Box, Wix sites, SquareSpace sites, GitHub, Airbnb, Freshbooks, Quora, MySpace, Pinterest, SoundCloud, Zoho, New York Times, Starbucks, Indeed, Xbox, Twilio, ZenDesk, Yelp, Survey Monkey and actually a whole heap more. So, yeah, the internet got broken.
How can you break the internet?
- Do a Kim Kardashian and pose naked with a glass of champagne on your derriere; or
- Orchestrate a DDoS attack on one of the main DNS service providers, Dyn
Recent times have seen both happen. Depending on who you are, both could potentially pose a risk to your business, though the second is far more likely to be the greater risk. Not sure? The recent disclosure of the Yahoo hack has reportedly wiped $1 billion off the sale price of the company. Cyber security, for something so simple and important, is so easily overlooked by so many.
What did they do?
Orchestrating a DDoS attack on a DNS service provider is probably a whole heap of meaningless jargon to most people.
What is a DDoS attack?
DDoS = Distributed Denial of Service and what this means is that, in a deliberate attempt to overload the target, a huge volume of traffic is sent to one location. In crude terms, it’s the malicious equivalent of the Glastonbury site going down when tickets are released for sale due to so many people doing the same thing at once. The difference is that one is orchestrated to cause harm and deliberately overload a site, and the other is the result of insufficient hosting/bandwidth to cope with the volume of traffic.
What made this DDoS attack different?
Last week’s website security hack was different because it didn’t target one website: it targeted the infrastructure behind numerous websites, which is what caused such widespread disruption. The DNS service is the internet equivalent of the Phone Book (from the good old days) and it basically matches up the words you type into the address bar to where that website actually lives on the internet. There are various DNS providers - some are bigger than others, and Dyn is one of the biggest and is responsible for matching up some sites online.
This means that, when their service was disrupted, all those sites couldn’t function.
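To see why one provider's outage takes out many unrelated sites, here is an added example (not part of the original post) that groups each site's nameservers by provider and lists the sites that depend on a single provider. The sites, nameserver names and helper functions are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: site -> authoritative nameserver hostnames.
# All names use the reserved .example domain; none are real delegations.
NS_RECORDS = {
    "shop.example": ["ns1.dns-a.example.", "ns2.dns-a.example."],
    "news.example": ["ns1.dns-a.example.", "ns3.dns-a.example."],
    "bank.example": ["ns1.dns-a.example.", "ns1.dns-b.example."],
    "blog.example": ["a.dns-b.example.", "b.dns-b.example."],
}


def provider_of(nameserver: str) -> str:
    """Approximate the provider as the last two labels of the nameserver name.

    Assumption: good enough for this sample. Real checks should use the
    Public Suffix List so that names under suffixes like co.uk group correctly.
    """
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers_by_site(records):
    """Map each site to the set of DNS providers serving it."""
    return {site: {provider_of(ns) for ns in servers}
            for site, servers in records.items()}


def sites_down_if(provider, records):
    """Sites whose every nameserver belongs to the failed provider."""
    return sorted(site for site, provs in providers_by_site(records).items()
                  if provs == {provider})


def single_provider_sites(records):
    """Map each provider to the sites that depend on it alone."""
    exposure = defaultdict(list)
    for site, provs in sorted(providers_by_site(records).items()):
        if len(provs) == 1:
            exposure[next(iter(provs))].append(site)
    return dict(exposure)


if __name__ == "__main__":
    for provider, sites in single_provider_sites(NS_RECORDS).items():
        print(f"{provider}: sole DNS provider for {', '.join(sites)}")
```

In this sample, bank.example stays resolvable when either provider fails because its nameservers are split across two of them.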
The other possible threats to your website
The threats to your website include:
- Hacking - this is trying to gain unauthorised access to a system, usually by exploiting vulnerabilities in the system's security.
- Data breach - when your business data is ‘lost’ or stolen
- Ransomware - when someone takes control of your system or data and holds it ransom until you pay them to release it
- Malware - short for ‘malicious software’, this is something that, once on your system, will allow unauthorised access or cause damage
- Virus - a type of malware that is typically loaded onto your system without your knowledge and against your wishes to mine information or cause damage, e.g. wiping files
- Spoofing - when someone pretends to be something they're not, for example, if someone were to pretend to be your bank in order to gain your details.
How to keep your website secure
- Install anti-virus - to identify those viruses that try to attack your machine.
- Use a firewall - this controls traffic into and out of your network/system.
- Generate strong passwords and change them periodically - making it harder for you to be hacked via a brute force attack.
- End-to-end encryption - like SSL or HTTP/2, which ensures that any data transferred between your systems is secure for the length of the process
- Keep software up-to-date - when vulnerabilities are identified, they are safeguarded against with security patches which trigger an update. This is why you need to keep your software up-to-date.
Need help to figure website security out? Get in touch, have a look at this or tweet me @anthonyjohns0n to ask for some specific advice.