Imagine you are on vacation and are not at home for a few weeks. In your absence, someone breaks into your apartment and makes himself at home there. He searches your cupboards, he reads your mail and may even find a letter from your bank with your telephone banking password. He may then use your bank details for online orders and your apartment becomes a warehouse for his drug deals. Or he rents your apartment to other crooks. And you are not aware of any of this.
The situation is very similar when a website is hacked: Cyber criminals take control and use it for their criminal purposes. Often this happens without the owners of the website noticing anything. Every day, this happens more than 90,000 times worldwide. That is why you should definitely secure your website. Why? We’ll explain it to you here:
- Website hacks often have serious consequences
- The threat situation in numbers
- Website Security: Myths and Facts
- Myth 1: Our small website is not interesting for hackers, there is nothing to get from us.
- Myth 2: We have a CMS. The security professionals of the manufacturers take care of security.
- Myth 3: We don’t use a CMS – so we are safe.
- Myth 4: How to use long and complex passwords and automatic updates.
- Myth 5: We visit our sites regularly – irregularities are noticed immediately.
- Myth 6: We use SSL encryption and are thus protected.
- 4 reasons why you should secure your website now.
- Secure website – made easy. This is why you need a website security solution
Website hacks often have serious consequences
Attacks on websites are constantly on the rise. Hackers steal customer data and business-critical information automatically and on a large scale, infect website visitors with malware (malicious software), misuse the site to send spam e-mails, try to manipulate search engines with third-party content and links, or rent server performance and web space to other criminals.
The consequences of a successful attack are usually serious: For many companies, websites play an important role in their business processes, for example for sales or support. Or the website is the basis for digital services or for project management. Every outage costs money and time. It disrupts processes, affects reputation and customer trust. A hacked website can also become a gateway to penetrate the corporate network.
It is not uncommon for hacked websites to be inaccessible for extended periods of time because the hackers redirect visitors to other websites or search engines block them. The site detected as compromised is then simply no longer displayed. SEO spam, defacement of the page (defacement) and security warnings by search engines can permanently damage a brand. It may even happen that the cyber criminals encrypt your website’s database and then demand a ransom.
The threat situation in numbers
- Every week, Google’s Safe Browsing service identifies thousands of manipulated websites with malware
- Nearly half (44 percent) of all web professionals have experienced successful attacks on their clients’ websites; for service providers with more than 20 clients, the likelihood of experiencing a hack rises to 55 percent
- 13 percent of all serious security incidents at SMEs (small and medium-sized enterprises) are a result of website hacking
- DDoS (Distributed Denial of Service) attacks on web services are on the rise again, using more bandwidth and getting longer
Google puts more than 10,000 suspicious websites on its blocklist every day. These can lose up to 95 percent of their organic traffic as a result
Website Security: Myths and Facts
Even among professionals, there are still persistent beliefs about website security that have unfortunately long since been disproved by reality. Here you can find out why these myths are not only wrong, but also dangerous.
Myth 1: Our small website is not interesting for hackers, there is nothing to get from us.
Unfortunately, this is a misconception. Because most attacks on websites are automated, they do not differentiate between website size or damage potential. Up to 80 times a day, websites are attacked and tested for vulnerabilities by scripts – including yours. WordPress site hacked? What to do? Learn more!
Myth 2: We have a CMS. The security professionals of the manufacturers take care of security.
On the contrary. The popular content management systems, which are also used primarily by small and medium-sized businesses, are targeted by criminals for precisely this reason. More than half (56 percent) of all websites worldwide use a CMS. The risk is particularly high for CMSs that use an SQL database. Here, there is a risk of SQL injections, where malicious code is injected into the database via a vulnerability and executed.
Myth 3: We don’t use a CMS – so we are safe.
Beware: Perhaps your website uses JavaScript. A study of over 400,000 websites showed that 77 percent of them used at least one frontend JavaScript library with a known vulnerability (e.g., JQuery). JavaScript is thus vulnerable to cross-site scripting attacks, for example.
Myth 4: How to use long and complex passwords and automatic updates.
Up-to-date systems and strong passwords are important because they reduce vulnerabilities and make brute force attacks more difficult. However, they do not provide one hundred percent protection. Many vulnerabilities cannot be patched automatically for a variety of reasons. Moreover, professional hackers immediately analyze the new security patches of their target systems and often launch a customized attack within a few hours.
Myth 5: We visit our sites regularly – irregularities are noticed immediately.
Don’t be so sure! It is true that many popular hacking variants are quickly noticed, for example SEO spam or redirects. However, the experience of security service providers shows that there is a trend towards “silent” attacks (“stealth attacks”) without any symptoms visible to website operators, e.g. JavaScript files that infect visitors.
Myth 6: We use SSL encryption and are thus protected.
Transport encryption SSL (Secure Sockets Layer) or today TLS (Transport Layer Security) is a mandatory protection for your website and today also an important ranking factor. Unfortunately, this only encrypts data transfers between your website visitor’s web client and your web server and not the information in the database. Thus, it makes hacking and eavesdropping attacks more difficult, but it does not protect against malware, SQL injection or DDoS attacks.
4 reasons why you should secure your website now.
- Every website is exposed to attacks every day.
- Websites with CMS are especially vulnerable.
- Websites need protection against many different threats.
- For comprehensive security, your website needs a special shield.
Secure website – made easy. This is why you need a website security solution
Now you know the threats. Act now. If you want to secure your website, you can of course perform the necessary regular checks and adjustments manually, or use various tools for malware scans, vulnerability scans, backups etc. However, using a professional website security solution is more reliable and requires much less effort.
