Protect Your Website!

Organizations are getting smarter to protect their websites from Hackers and other vicious attacks out there. Everyday in the news there are reports of major breaches with security relating to large and small organizations.

The good part is that organizations are paying attention and the threats to their websites are down since last year. IT departments have become proactive to protect their websites and company networks.

What every organization should be aware of is that Hackers tend to be one or two steps ahead of the game, so those vulnerabilities can always be a threat.

PCworld.com talks more about IT Security for websites:

The vulnerabilities are contained within custom website code and are not issues that can be fixed by applying patches from, for example, Microsoft or Oracle, Grossman said. According to WhiteHat Security statistics, it takes organizations an average of 100 days to fix about half of their vulnerabilities.

The risk is that vulnerabilities which haven’t been speedily remedied could be found by a hacker, resulting in a high-profile data breach such as those that affected Sony, the analyst firm Stratfor Global Intelligence, and AT&T.

Hackers are honing their skills and are becoming better focused. They are using a wider array of improved tools in order to find coding problems in websites. “Offense gets better every year,” Grossman said.

Security analysts in Grossman’s company constantly try to hack websites belonging to major financial institutions and other companies — with permission. Developers in those companies don’t tell WhiteHat when they roll out new features or make changes. WhiteHat’s hackers go to work, trying to find cross-site scripting flaws, SQL injection or information leakage vulnerabilities.

“We are constantly smashing [websites],” Grossman said. “We’re LulzSec or Anonymous 24/7. We don’t stop.”

Companies decide whether they want to fix the problems, which often involves reassigning a developer working on a new feature that the business needs to roll out, Grossman said. It’s a gamble whether or not to fix, since the vulnerability may never be found by a hacker but could cost the company dearly if it is.  

“Do you take the developer off that [project] and put them on correcting a vulnerability that they know they have but may or may not get exploited and may or may not cost them any money whatsoever?” Grossman said.

Written by IT Management and Consulting Professionals at FedSolutions.  Thanks for stopping by!