When businesses hear about information security, the focus lies on protecting data in the cloud and data centers, the company’s network, and the physical structure where business operations are run day to day or where sensitive information gets stored. Employees and IoT devices also fall within the mix of what companies know they need to keep an eye on, but the question of how a company’s website and online presence put a business and its data at risk isn’t always at the forefront of the conversation.

 

Recent data shared by Distil Networks on bad bots and their attacks on websites tells a different story, and it shows why your website needs to be included in your data security plan when you’re thinking about information security. Distil Networks found that:

  • 96% of websites with login pages are under attack from bad bots (bad bots are automated programs used to carry out a variety of cybercriminal activities).
  • 40% of all web traffic in 2016 originated from bots, and bad bots were responsible for 20% of web traffic.
  • 60% of bad bots come from data centers.
  • 75% of bad bots were Advanced Persistent Bots (APBs). APBs are either sophisticated, in that they can load JavaScript, hold onto cookies, and load external resources, or persistent, in that they can randomize their IP address, headers, and user agents.
  • 90% of websites were hit by bad bots that were behind the login page, including websites with account login sections, payment portals, and transaction platforms.

The websites that are appealing to bad bot actors are those with the following characteristics:

  • Unique content and/or product and pricing information.
  • Sign-up, login, and account pages.
  • Payment processors.
  • Web forms, such as contact, discussion forums, and reviews.

When you add to these findings the state of online security according to a recent report released by IBM, you get an even better idea of how cybercriminals are winning at the moment.

 

  • In 2016, the number of compromised records grew 566%, from 600 million to more than 4 billion. This is more than the combined total of records compromised in the two previous years.
  • Yahoo’s breach alone leaked more than 1.5 billion records.
  • In the first three months of 2016, the FBI estimated that cybercriminals were paid $209 million via ransomware, putting cybercriminals on pace to make nearly $1 billion from their use of the malware just last year.
  • The most popular types of malcode observed in 2016 were Android malware, banking Trojans, ransomware offerings, and DDoS-as-a-service vendors.
  • In 2015, healthcare was the most attacked industry, with financial services falling to third; in 2016, however, attackers refocused on financial services.

 

The two separate studies make it clear that organizations still have a lot of work to do in information security if they’re going to protect their business. It’s not only your clients that lose when their data gets stolen, and it’s not only your business either; we all lose. Cybercriminals are making billions from businesses and customers, and even worse, they’re using that data to create even more damage by selling it to other criminals, who then steal from these people thanks to the data they’ve acquired. Furthermore, with smart cities coming about and our water and power grids being online too, we face a potential for real disaster when cybercriminals don’t have to fight that hard to get into a network. A perfect example is the vulnerability of a mere website.

 

Information security needs to be at the top of your list, both for the growth of your business and for a chance for all of us to fend off cybercriminals on an equal footing. The only way to do that is to implement a cybersecurity posture that is all-inclusive, which means working with security professionals who specialize in all areas of this holistic approach.

 

If you’re concerned with your information security posture, give us a call.  We are here to help you get on track and can tell you where your online security stands at the moment.

 

 

Photo courtesy of alexskopje