It feels like we can hardly go a few days without hearing these terms in the news: data breach, DDoS attack, malware, ransomware, phishing scheme, hacker. The need for advanced web security is a critical issue that simply cannot be ignored. Certain industries are more vulnerable than others, but everyone is a target.
Before we get into the top five industries most vulnerable to attack, let’s talk about what’s at stake. An understanding of what hackers do with your data will help to illustrate the potential magnitude of a data breach.
What are hackers looking for?
Hacking takes time, effort and risk, so you might wonder what’s in it for them. That’s easy: Personally identifiable information (PII). PII is data that can be used to identify, locate or contact a specific individual — name, address, birth date, social security, credit card number, etc.
Hackers generally seek out PII for two broad reasons:
- Political gain (nation-state attacks)
- Financial gain
The latter is the much more common and consistent motive and, therefore, is what this post concerns.
Personally identifiable information
Hackers rarely have a direct interest in your PII — they make money when they sell records, typically in bulk, on the dark web (online black market). The dark web lives on hidden, encrypted networks that require special software to access. Tracking down and prosecuting dark web users is difficult, because their locations and identifying information are virtually untraceable. Cyber criminals go there to buy PII records, usually to commit identity theft in one form or another.
What’s your customer’s data worth? A full set of personally identifiable information is typically bought by a thief for a median cost of only $21.35.
Those who buy the PII data then mine the information for valuable accounts. If passwords were stolen in a data breach, cyber criminals will use them to attempt to gain access to additional online accounts since most people reuse the same login information across all their accounts.
So while it might not seem like an element of advanced web security, keeping your passwords strong, unique and fresh is an essential practice.
While PII might be used as blackmail or to demand a ransom for its return (the basis of ransomware), hackers typically sell it without interacting with its real owner. And although most sites on the internet store valuable user information, industries that handle credible PII directly are most vulnerable to attack.
5 industries that really need advanced web security
Yes, every business that gathers or accepts personal data is a potential target. Yet some industries are at a higher risk for online data hacks because of the type of information they store. Here are the top five.
Do you run a business in one of these industries? You might need to boost your security measures to keep your clients — and your business — safe.
Healthcare was cited as the primary sector targeted by hackers in 2016 and is projected to remain the top target. This industry handles a relatively high amount of PII information, including contact info, health insurance details, social security numbers and payment info. In short, it’s a hacker’s gold mine.
Hospitals, in particular, are a major ransomware target. Just one successful attack can lock down computers and equipment. The ransom demands are typically met given the level of private information and the physical lives at stake.
2. Financial services
The desire to hack financial services companies should be pretty obvious by now. In addition to credit card details, hackers who breach financial service websites often gain access to social security information, bank accounts, investment information and tax records. It’s not uncommon for cyber criminals to use this PII to file fraudulent tax returns, pay bills, steal money, apply for loans, etc. Major financial corporations are a top target for stealing the PII of the elite and wealthy.
3. Government agencies
Government agencies manage a wide-range of citizens’ PII, including social security numbers, driver’s license records, healthcare info and tax records. Couple the sensitivity of this information with an industry that has struggled with cybersecurity funding constraints, and you can understand why this sector is a prime target. In addition, government agencies are the top candidate for nation-state attacks and hacktivism, which are driven by socio-political motives beyond the lure of financial gain.
The sheer quantity of online sales taking place across the internet on a daily basis makes any eCommerce business a target. Hackers are looking to score massive numbers of credit card, identity and billing-related records.
Businesses that handle payments through external vendors, and therefore don’t receive or store credit card info themselves, aren’t as valuable to hackers.
A breach of PayPal itself, on the other hand, would be a cyber criminal’s dream. The bigger the operation, the higher the reward.
The transportation and logistics industries have become a major hacking target as these global systems have become increasingly digitized to meet demanding consumer needs. Transportation companies handle a plethora of highly accurate, cross-industry data that is passed between platforms with varying levels of security. These practices often provide an opening for hackers.
The consequences of a data breach
According to IBM’s 2017 Cost of Data Breach Study, the global average cost of a data breach is $3.62 million — and that massive figure is down 10 percent from previous years. That breaks down to an individual average cost of $141 per lost or stolen record. If you’d like to take a look at the cost of a data breach for a specific scenario (location, industry, various cost factors), check out IBM Security’s cost calculator.
When a breach occurs, an organization has to shell out money for consumer notifications, post-breach consumer protections, compliance fees, public relations programs or crisis communications, legal fees and security enhancements.
As if the dollar cost of a data breach wasn’t high enough, the hidden or long-term costs can be devastating to a business and its livelihood. Consider factors such as brand reputation, consumer trust, the theft of proprietary information, lost contracts, increased insurance premiums, operational disruptions and hampered talent acquisition.
The time for preparation is now.
Get advanced web security now
With valuable PII and potentially extreme liability at stake, advanced web security is a no-brainer. We’ll go over some strategies to protect your site against hackers, but you can also purchase a comprehensive, affordable service called GoDaddy Website Security, powered by Sucuri to automatically protect your site 24/7. This flexible tool scans your site daily to find and remove threats, protecting your site visitors from malware and keeping your site off Google’s blacklist.
In the meantime, here are some best practices to implement now.
Let’s start with the low-hanging fruit among advanced web security tactics. Security patches and software updates are released for a reason — to keep up with the latest known threats as they emerge. Download the latest version of your software immediately to protect yourself from newly discovered security vulnerabilities.
Back up your data frequently — and consider backing up to multiple locations (i.e., a hard drive, cloud server, etc.). Whether you run into physical complications, like malfunctioning hardware, or attacks of a different kind, such as ransomware, it pays to have a backup in place.
Get an SSL certificate
You’ll find SSL certificates on every list of advanced web security best practices. SSLs use encryption technology to keep data safe as it moves between your site and your customers’ devices. Hackers might still see some non-critical data, but they won’t be able to get what they want: personally identifiable info.
Install a Web Application Firewall (WAF)
A WAF is a cloud-based firewall that screens your website traffic for threats like SQL injection attacks and comment spammers, while also turning away DDoS attacks. This advanced web security solution is essential to helping keep malicious code from ever reaching your website. Bonus — GoDaddy’s Website Security, powered by Sucuri comes with a WAF for deluxe plans.
Encrypt data at rest
Data at rest is anything stored on a hard drive, laptop, flash drive or in some other way. It might be harder for thieves to get because it’s not being actively transmitted, but if it includes PII, you can bet hackers will try. Worst case, a hacker who gets in could encrypt it themselves and hold the decryption key ransom. Read more about data at rest here.
Lock wi-fi networks
If you need to use a wi-fi network, make sure it’s well-protected. Disabling the service set identifier (SSID) broadcasting function will hide the network from those without the exact network name.
Install security applications
There are a variety of free and paid security applications that obscure hackers’ visibility into your sites’ build and settings, which might be robo-targeted for vulnerabilities. While such applications aren’t as effective as a WAF, any solution that makes a data breach harder for hackers is a security win.
Change login info often, tighten access control
Require frequent password updates and strong passwords. Never write down or share passwords — especially by email. Limit login attempts, force temporary login data to expire within a short timeframe, and enforce very limited access to admin-level site access.
The No. 1 tool in any advanced web security strategy is simple: ongoing vigilance. Just as soon as web security providers kill one malicious ploy, another one emerges. Staying abreast of current and upcoming security alerts will help you and your employees avoid known hacking schemes. Be sure to implement the proper solution or training promptly because the consequences of inaction are just too great. And hackers never rest.
Check out this excellent post for more security best practices for eCommerce sites.
Victory to the watchful
With the hacker ecosystem growing and malicious, automated software running rampant, there’s no excuse to leave advanced web security on the back burner. No industry is immune to these threats, and the protection of your customer data means the survival of your business. Put a thorough protection plan into place today.