Web servers are a popular target for cybercriminals, and it can be difficult to spot that a web server’s security has been compromised. Active risk management around website architecture and maintenance, along with vendor management, is essential to preventing this risk.
Organisations sometimes focus on securing their network but overlook website security. While there may be no direct connection between your website and your internal IT systems, cybercriminals see websites as a valuable target. We provide clients with insight into current threats and we can refer you to our expert partners who can help you to protect your public-facing websites.
Cybercriminals can compromise your website applications to steal data users provide to the website, such as payment card information on an e-commerce site, or identifying personal information such as government identification numbers that the cybercriminal can use for impersonation and fraud.
When cybercriminals use stolen payment cards, they often run small-value transactions first to test that the cards are valid. To do that, they often target websites that accept payment cards—charity or crowdfunding sites are popular because of their donation pages. A compromised website can saddle the website owner with tens of thousands in payment card fees just from many small test transactions.
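The card-testing pattern described above can be caught in payment logs before the fees accumulate. The following detector is an added example, not code from this page's author; the thresholds, field layout and sample records are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own donation traffic.
SMALL_AMOUNT = 5.00              # "small-value" ceiling in site currency
WINDOW = timedelta(minutes=10)   # sliding window per source IP
MIN_ATTEMPTS = 5                 # small attempts in the window before alerting
MIN_DISTINCT_CARDS = 4           # many different cards from one source
MIN_DECLINE_RATIO = 0.5          # card testing produces mostly declines

# Constructed sample records: (timestamp, source IP, card token, amount, approved).
# The card token stands for the processor's token, never the card number itself.
SAMPLE = [
    ("2024-01-01T12:00:00", "203.0.113.7", "c1", 1.00, False),
    ("2024-01-01T12:00:20", "203.0.113.7", "c2", 1.00, False),
    ("2024-01-01T12:00:40", "203.0.113.7", "c3", 1.00, True),
    ("2024-01-01T12:01:00", "203.0.113.7", "c4", 1.00, False),
    ("2024-01-01T12:01:20", "203.0.113.7", "c5", 1.00, False),
    ("2024-01-01T12:01:40", "203.0.113.7", "c6", 1.00, False),
    ("2024-01-01T12:00:30", "198.51.100.20", "a1", 25.00, True),  # normal donor
    ("2024-01-01T12:05:00", "198.51.100.20", "a1", 3.00, True),
    ("2024-01-01T14:00:00", "198.51.100.33", "d1", 2.00, True),   # shared office IP,
    ("2024-01-01T14:01:00", "198.51.100.33", "d2", 2.00, True),   # several real donors
    ("2024-01-01T14:02:00", "198.51.100.33", "d3", 2.00, True),
    ("2024-01-01T14:03:00", "198.51.100.33", "d4", 2.00, True),
    ("2024-01-01T14:04:00", "198.51.100.33", "d5", 2.00, True),
]

def detect_card_testing(records):
    """Return {source_ip: time of first alert} for sources matching the pattern."""
    windows = defaultdict(deque)
    alerts = {}
    for ts, ip, card, amount, approved in sorted(records):
        if amount > SMALL_AMOUNT:
            continue                      # only small-value attempts are of interest
        t = datetime.fromisoformat(ts)
        win = windows[ip]
        win.append((t, card, approved))
        while t - win[0][0] > WINDOW:     # drop attempts older than the window
            win.popleft()
        cards = {c for _, c, _ in win}
        declines = sum(1 for _, _, ok in win if not ok)
        if (ip not in alerts and len(win) >= MIN_ATTEMPTS
                and len(cards) >= MIN_DISTINCT_CARDS
                and declines / len(win) >= MIN_DECLINE_RATIO):
            alerts[ip] = t
    return alerts

if __name__ == "__main__":
    for ip, when in detect_card_testing(SAMPLE).items():
        print(f"possible card testing from {ip}, first flagged {when}")
```

The decline-ratio condition is what keeps the shared office address in the sample from being flagged: several genuine donors behind one IP produce approvals, while tested stolen cards mostly fail.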
Websites can be defaced for political, activist or terrorism-related reasons, or to add pressure in a cyberextortion attack. Defacing a website may also be a way for a hacker to demonstrate their competency. Cybercriminals can also exploit an established website, making changes that redirect web traffic to a malicious or fraudulent website instead, a tactic often seen in cryptocurrency scams.
If website forms are not designed properly to validate information that is entered into the requested form fields, cybercriminals can use automated queries to overwhelm the website and crash it.
The number of services, frameworks, and applications on a web server can make it challenging to ensure that they are security patched regularly and successfully. Having a third-party expert independently verify the work of the security team protecting the website can be very helpful. Also, if your website is managed by a third-party provider, your service agreement with them should specify a definite time period in which they will patch your assets.
Using a payment processor can prevent the need to store payment card information. An iframe (or inline frame) can be used to embed interactive elements in a webpage so that sensitive information (such as payment card data) is sent to the appropriate processor instead of being stored within the website directly. This can limit the information available to a cybercriminal even if the website is compromised.
A content delivery network (CDN) can enable the distribution of web content across a larger area and enhance security. CDNs often have a level of resilience that exceeds the capabilities of most organisations’ security measures. As a result, DDoS attacks are often less effective when targeting websites that have their traffic routed through a CDN.
If you do get a ransomware infection, Bullwall detects encryption of files and triggers an automatic response, minimizing damage. Receive 50% off on installation cost, and up to 25% on licences.
Up to 25% off on KnowBe4’s anti-phishing tools, including simulated phishing campaigns and interactive awareness training.
Up to 60% off on Trellix’s Email Threat Prevention - prevent email threats and address business email compromise risks.
We offer our cyber policyholders a range of risk management offerings designed to improve cyber
Policyholders who experience an actual or suspected website compromise incident should notify us immediately.
The first reaction is often to roll back the website to a previous safe version, but that could prevent you from learning what the cybercriminals have done. If this happens, you may have to guess how many individuals have been affected, increasing your response costs and possible third-party claims. We recommend that you use experts to help collect the evidence of a compromise and restore the website to a usable state.