A company’s website is its face to the world. In the digital age, reputations and entire brands are built on the back of a website. This exposure helps a company reach a wider audience, but it also increases the company’s “attack surface” by opening it up to various vectors for cyberattack from across the planet. The more popular the website and the more traffic it receives, the higher the likelihood that it is being probed with invasive and non-invasive reconnaissance to test for vulnerabilities. Oftentimes, a company can be blissfully unaware that its website is under a sustained cyberattack until it’s too late. A hacker can hide in a website’s code by inserting a script called a “backdoor” that allows them to come and go as they please without alerting the owner.
There are countless case studies about Fortune 500 companies and government agencies with entire security teams that were blindsided when their websites were hacked, defaced, and taken offline. The advent of automated hacking tools that can scan and crawl the web to find website vulnerabilities means criminal enterprises in foreign lands are constantly doing reconnaissance to discover “low hanging fruit”, that is, poorly secured websites with lax cyber hygiene. For business owners who cannot compete with the resources that much larger companies spend to secure their websites, there are a number of options available to make sure your organisation does not become a casualty. You don’t have to be faster than the tiger, just faster than the slowest person trying to outrun the tiger, which means installing a Web Application Firewall, or WAF.
A good Web Application Firewall will automate security scans that protect website files from unauthorized changes. It should also include login security that protects the website from a Distributed Brute Force attack, where a botnet attempts thousands of different usernames and passwords, by locking out invalid usernames and enabling two-factor authentication. It must be said that a Web Application Firewall is not the silver bullet for website security. Your IT guy should also be able to patch known website vulnerabilities, a process called “hardening”, but your WAF is a good first step towards a more secure website. Nevertheless, a good Web Application Firewall is the first step to making sure your company is not the “low hanging fruit” in this brave new digital world.
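A sketch of the login protection described above, as an added example that is not part of the original article or any WAF product's code: it shows why a per-IP failure limit misses a distributed brute-force attack, while a per-username count and an invalid-username lockout catch it. The account list, thresholds, action names and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

KNOWN_USERS = {"alice", "bob"}  # constructed account list (assumption)
WINDOW = 300                    # sliding window in seconds (assumption)
MAX_FAILS_PER_USER = 5          # failures counted across ALL source IPs
MAX_FAILS_PER_IP = 5            # classic per-IP limit, kept for comparison


class LoginGuard:
    def __init__(self):
        self.by_user = defaultdict(deque)  # username -> failure timestamps
        self.by_ip = defaultdict(deque)    # source IP -> failure timestamps
        self.blocked_ips = set()
        self.locked_users = set()

    @staticmethod
    def _count(queue, ts):
        """Add ts, expire entries older than WINDOW, return failures in window."""
        queue.append(ts)
        while ts - queue[0] > WINDOW:
            queue.popleft()
        return len(queue)

    def failed_login(self, ts, ip, username):
        """Record one failed login and return the action taken."""
        if ip in self.blocked_ips:
            return "drop"
        if username not in KNOWN_USERS:
            # Guessing a username that does not exist: lock the source out at once.
            self.blocked_ips.add(ip)
            return "block_ip"
        per_ip = self._count(self.by_ip[ip], ts)
        per_user = self._count(self.by_user[username], ts)
        if per_ip >= MAX_FAILS_PER_IP:
            self.blocked_ips.add(ip)
            return "block_ip"
        if per_user >= MAX_FAILS_PER_USER:
            # Many sources, one account: lock it or require a second factor.
            self.locked_users.add(username)
            return "lock_user"
        return "allow_retry"


def replay(events):
    """Feed (timestamp, ip, username) failures through a fresh guard."""
    guard = LoginGuard()
    return guard, [guard.failed_login(*event) for event in events]


# Constructed sample: 8 sources (documentation-range IPs) each fail once against
# "alice", then one source guesses a username that does not exist.
SAMPLE = [(i * 10, f"203.0.113.{i + 1}", "alice") for i in range(8)]
SAMPLE.append((90, "198.51.100.7", "admin"))
```

In the sample, no source ever reaches the per-IP limit, so only the per-username counter reacts to the guesses against "alice".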