Every day we hear about another website being hacked. The terms phishing, DDOS, brute force, downtime are found in many reports. In this blog, I specifically focus on defacement and the effect it can have on your business.
Often viewed as a minor form of cyber attack, the long-term effect carries a significant risk. Hackers inject code into a site to add popups, images or text. Attackers often deface a website to distribute a message, also known as hacktivists, or they may simply make fun of the website owner for not having adequate security.
There are three main issues that arise from a defacement.
The Customer
The internet is a fast paced environment where every second is precious for a user. If a customer goes to your website and finds an offensive political message then the result could be that they simply leave and do not return.
Reputation
Secondly, if it’s not clear that your website has been defaced by a hacker then the customer may believe that it was set up by you. As public image is of increasing importance in business operations this would come as a huge blow. If the defacement is particularly derogatory it could cause public rants on Twitter and negative reviews.
In some cases, if your website is relatively high profile, it can be picked up by the media. This is exactly what happened to MIT back in 2013 and Lenovo in 2015.
The Future
Lastly, it will also cause your customers and investors to question your ability to store sensitive information. They may stop trusting your website altogether and this can lead to revenue loss.
So how do I fix it?
If your site has been hit by a website defacement, contact your web developer or web security expert to get it removed. Once it is, conduct a vulnerability assessment to avoid it happening again, because it can, MIT.
Also, check if any data was stolen during the defacement because this can be expensive to put right.
How to avoid it?
Make sure security audits include penetration testing, that your SQL is protected and that you’re defending against Cross-Site Scripting (XSS) attacks.
Lastly, consider monitoring and detection tools that prevent and alert you to any possible attacks. That’s what we do with ionCube24, our customers are protected from defacement and intrusions as well as PHP error reporting and server monitoring. With new features being added all the time, it’s a great time to try out our 14-day-free trial!
Image source: @gbrumfiel