In his June 3, 2011, article, Private Business Owner writer Carl Doerksen made it clear that middle-market business owners are at risk of cyber attacks. I wanted to elaborate on this great post and focus specifically on business websites. Whether your business website is a simple online brochure or a complex e-commerce site that processes credit cards and payments, all are being targeted by hackers.
Most business owners place considerable value in their website. A business owner’s website is likely the focal point of their brand online and, in many cases, will host online commerce and other profit center related activities. Still, most middle-market business owners never really consider that their website would be the target of hackers. After all, the national news really only reports on hacking incidents that result in name brands who have compromised credit card information for millions of their customers. This is misleading as hackers have very specific interests in your website. Here are the top three reasons why a hacker would target your website.
1. Search Engine Manipulation
Search engines like Google and Bing use mathematical formulas to place value on any given website. Small to medium-size businesses who have had a website for a number of years and have been active online likely have a decent ranking by the major search engines. Hackers have a specific interest in hijacking this value to promote their own initiatives.
Google’s Adsense keyword tool, for example, reports that there were a little over 6 million searches last month for Pfizer’s trademark Viagra. Though there are entire networks of reputable pharmacies that carry Pfizer products, there are also many online pharmacies that sell illegal knockoffs of brand-name drugs, creating huge losses for companies like Pfizer.
If a hacker representing an illegal online pharmacy effort can hijack your site’s strength to push links and landing pages to their e-commerce site, even for a few hours, they can make huge profits. If you think about it, with 6 million searches a month in Google alone, a hacker with a 5% click-through rate on a top hit in Google could push 15 potential customers a minute to their site. Still, they don’t just target one site and one keyword–they target tens of thousands of sites and keyword combinations. Yours would just be one of them.
2. Phishing Expeditions
Phishing is a computer hacking technique that attempts to get a visitor to provide vital information such as credit card numbers, social security numbers, or even banking passwords on a site that looks like an official site. For example, an average phishing attempt will send out 100,000 emails to randomasking them to reset their password at Chase.com. If 10% of those recipients are actually Chase customers, they might be enticed to click through. Where they are sent, however, is not Chase.com, the company’s official website. They are sent to a landing page that looks exactly like the Chase website but it is parked among the pages in your website. The reason they do this is that hosting companies quickly shut these down and they need to be able to park thousands of these pages so they can switch them on and off as they need them. Your site could make the perfect parking spot for entire groupings of these pages representing every major bank on the planet.
A botnet is a network of “robot programs” that can be awakened to carry out the activities of illegal online hackers. Let’s say, for example, that a radical group wants to generate millions of website calls into a political candidate’s website in order to shut it down. This kind of attack is called a “denial of service” and is generally done out of protest. In simpler terms, it would be like having 100 fax machines continually dial city hall in an attempt to tie up their phone systems as a protest against an increase in property taxes. Though it seems childish and ineffective, it happens all the time online.
The problem is that the hacker needs tens of thousands of computers in order to carry out one of these tasks. If they can park “bots” or tiny dormant programs on thousands of computers that host websites, they can wake them up to carry out this task when the time comes. For all you know, you could be hosting a dormant bot on your website right now.
What Can You Do?
There is an entire industry of affordable security software and services providers that can help you, name-brand security companies such as Semantec and McAfee to boutiques like Sucuri and SecureLive.
Also, good reputable hosting providers will scan their computer networks looking for the types of computer programs that carry out these types of attacks. In many cases, they’ll proactively notify you if your site has been infiltrated. This is one of the important reasons to outsource the hosting of your website to a quality provider versus trying to run your own web server.
© 2011All Rights Reserved