It’s that time again, where we look back at the past year and assess how the threat landscape has changed—for better and for worse. The 2013 Verizon Data Breach Investigations Report (DBIR) reveals that last year was not only defined by the varied nature of cyberattacks, but also by the increased frequency of these incidents in general. Perhaps more so than any other year, “it will happen to you” was certainly the overarching theme. From tech giants to mom-and-pop storefronts, few organizations seemed immune to web-based threats.
However, despite this doomsday-esque verdict, there is light at the end of the tunnel. Websites are reducing their overall vulnerabilities, meaning education and better security practices are having an impact. But, as the digital landscape continues to expand, there are still many more valuable lessons that businesses small and large must learn in order to stay one step ahead of cybercriminals.
Below, we highlight some key takeaways from this year’s DBIR and discuss what they mean for your online business.
1. Protect Your Passwords
For businesses and consumers alike, password safety is a crucial part of keeping sensitive information out of the wrong hands. However, when implemented improperly or poorly protected, passwords can turn into an Achilles heel. According to the 2013 DBIR, 76% of network intrusions exploited weak or stolen credentials to get into backend systems.
Implementing password safety and compliance protocols for employees is a crucial part of keeping your site secure. Always use strong password controls for admins, and protect against phishing scams by teaching employees not to share logins as well as enforcing good security practices like no credential reuse. Additionally, changing passwords regularly for important functions will help reduce the damage in the event that one is compromised.
2. Don’t Skimp on Vulnerability Scanning
When budgets are tight, security is often one of the first areas to feel cutbacks. However, with 66% of breaches taking months or more to discover, vulnerability scanning is one item that should never be axed. The large majority of websites have at least one serious weakness that, if left unattended, could lead to a security breach. The potential financial implications of these vulnerabilities going unnoticed for any length of time could be extraordinarily costly, if not fatal to some smaller sites.
Implementing a website vulnerability scanning service like the McAfee SECURE™ service can help online businesses identify latent threats by scanning daily for thousands of vulnerabilities. Even if you have firewalls and other security measures in place, it’s crucial to frequently check for new threats—before cybercriminals find them.
3. Hackers Follow the Money
While this may not seem like any great revelation, the fact that the overwhelming majority (75%) of breaches were driven by financial motives means that any online business, regardless of size, is more of a target than ever. The threat from money-hungry organized criminal groups as well as opportunistic lone hackers continues to grow, putting both individuals and businesses at risk.
The financial incentive has made online retailers especially tempting targets, with sensitive customer information as well as their own company bank accounts now on cybercriminals’ radar. Additionally, the ongoing lack of PCI compliance among small to medium-sized businesses has made them even easier to exploit versus their larger, better-protected counterparts.
While no one is ever completely safe from determined hackers, taking the necessary steps to protect your business through strong and varied passwords, vulnerability scanning, and other protocols is an important start. As the sophistication and severity of cyberattacks continue to increase, there is little doubt about the risks of failing to follow appropriate security measures.