SiteLock
Internet Security: Big Threats for Small Business
Protect your Small Business Customers
They are a sizable investment
• 26.9 M: Number of U.S. Small Businesses
• 91.8%: Percent of U.S. Firm Population (in # of Employees)
• 61.4%: Percent of U.S. Business Revenue Earned by SMBs
• $11.4T: One-year U.S. SMB Revenue
Small Business Trends; restating US SBA.gov report
Why the SMB Market is at Risk: A closer look
• Over 60% of data breaches are at companies with <100 employees*
• Nearly half involved malware injections
• 98% of ALL applications have holes**
• 68% of vulnerabilities found are XSS**
• Over 6,000 websites are blacklisted every day
*Verizon, US Secret Service Report
**HP Security Report
What Website Security Means
• Be proactive
  - Design and build websites with security in mind
  - Take additional care to “harden” open-source applications
  - Sanitize dynamic content to ensure safety of interaction
  - Identify and repair likely vectors for attacks
    - Code injections
    - Weak or unencrypted login pages and credentials
    - Out-dated applications
  - Employ non-intrusive security practices to identify and remediate potential problems before hacks occur
• React quickly
  - Detect and clean malware before websites are blacklisted
Business Impacts of Poor or Reactive Security
• Small business websites can be shut down
• Business reputation is damaged
• Revenue can be lost
• Customer data is at risk
• Search engine rankings plummet
The Most Common Threats to SMBs
• SQL Injections
• Poor Server Configuration / Authentication (Credential Theft)
• SQL Injection combined with Malware
• Malware
UK Security Breach Investigations Report, 2010
The Threat/Vulnerability Evolution
• Cross Site Request Forgery
• Cross Site Scripting (XSS)
• Buffer Overflow
• SQL Injections
• Remote File Include (RFI)
• Denial of Service
HP Top Cyber Risks Report, Mid-year 2011
Security is a Challenge for SMBs
InformationWeek Analytics Strategic Security Survey, October 2011
Where do SMBs Turn for Help?
• Read forums and help websites and fixed it myself
• Tried several approaches, but site is still compromised
• Followed security company instructions provided
• Called a security/IT expert/web developer to sort it out
• Nothing – site seems OK now
• Abandoned the whole thing and set up a new site with a new provider
• Other
Compromised Websites: an Owner’s Perspective; StopBadware.org, CommTouch, 2012
Response from Hosting Provider
• None, never communicated the issue to them
• Provided assistance at no cost to help fix the compromised site
• No help provided, or refused to respond
• Charged additional fees to help fix the compromised site
Compromised Websites: an Owner’s Perspective; StopBadware.org, CommTouch, 2012
The Plan to Fight Back
Technology
- Turn-key
- Always on
- Business focus, not IT
- Secure network
- SSL
- Firewall
Process
- Security standards
- Strong passwords
- File protection
- Compliance requirements
People
- Education & awareness
- Test your own site
- Update web apps & plug-ins
The Ideal Complete Solution
When considering internet security partners/providers, look for:
• A comprehensive set of security measures designed for prevention or detection.
• A range of scans that analyzes all web traffic, network and applications for threats.
• A process design; even the most effective protection cannot stop 100% of attacks.
• A trial to see if it is easy to use; the most effective toolset is of little use if you can’t figure out how to use it.
• Consider solutions with a straightforward user interface or dashboard that will keep a user informed on what’s going on.
Key take-away: When it comes to website security, prevention is always the best policy.
Thank you
Questions & Discussion
Email SiteLock: [email protected]