How to protect your website from a smash-and-grab
Johannesburg – Hacking a website used to be a fairly complex and specialist business. H@xx0rs (I’m sure most hackers still refer to themselves that way) were not only excellent software and operating system engineers, but also resourceful in an age where access to fast Internet and useful information was difficult to find.
Hacking as an activity has, over the years, received a lot of “buzz” as something cool kids do. Shows like Mr Robot, most recently, but also the mid-90s cult classics like Hackers and Ghost in the Shell, inspired a whole generation of would-be script kiddies (including myself) to learn all the ins and outs of how to get into a network and source the information on it.
Fast forward 20 years and the landscape has changed significantly. People need look no further than typing “how to hack a website” into Google and being presented with a number of options and tricks, including downloadable scripts and instructions. They then use their high-speed fibre line to get it going.
Websites, despite advances in technology, have never been less secure. Tricks that took hours of chat reading and asking questions on forums are now shared in minutes amongst communities on 4chan, darknet and hacking channels on telegram. Communities debug each other’s code, develop completely secure browsers and generally try to have each other’s backs.
It’s hard to answer why they do it. For some it’s about showing off, for others it’s a genuine interest in the data but, in a strange way, most do it simply because they can and it gives them a thrill to pull it off. The onus on the developers of these platforms – to ensure data security and up-time for platforms – has never been more important. A quick look through our weblogs shows that the wp-admin login page on the WordPress sites that we are managing are receiving, on average, a login authentication script for automating attempted logins once every minute. This is almost 10 times what they were this time last year.
Potential damages and repercussions of lost data integrity
The two major concerns about being hacked are data loss and platform availability. While our personal information has never been less private (just ask Mark Zuckerberg), if your company announces that personal information has been leaked through a hack, you’ll see your stock shares plummet and the integrity of your company and brand questioned.
A DDoS attack that caused World of Warcraft to be shutdown in 2014 caused an estimated loss of 10s of millions of dollars to the company.
Methods for preventing a hack
The best way to prevent security breaches is by pro-actively monitoring your platforms and implementing solutions to issues before they become a problem. Fortunately, there are a number of amazing resources available online to help, such as automated audit systems.
Site audits and tools for proactively avoiding a hack
At Stratitude, we develop marketing platforms that are delivered through browsers and apps. This means we capture people’s information and have no intention of ever letting that information fall into the wrong hands.
We’ve experienced the distress of a client after a hack, when it’s late at night and they are desperate to get their site back up after their previous vendor forgot to update their WordPress. We’ve developed a number of tools and techniques to make sure we’re on top of things, and we pro-actively monitor communities and their chats to make sure we remain as secure as possible.
It’s unfortunate to say – but also realistic – that nothing is ever truly secure. Nor will it ever be. However, hacking is a risk that can largely be mitigated and most issues and concerns are preventable.
About the author: Neil Bromhead is the Digital Director at Stratitude.
Stratitude is a full-service marketing agency that provides strategic and creative solutions focussed on making an impact on their clients’ brands and their bottom lines. For more information visit www.stratitude.co.za or call us on 011 449 7333.