Analysis of the Impacts of Website Compromise
Today, with the proliferation of open-source technologies like WordPress, Joomla and other Content Management Systems (CMS), people around the world are able to quickly establish a virtual presence at little to no cost. In the process, however, a lot is being lost in terms of what it means to own a website. We are failing each other; we are not setting ourselves up for success. We are learning the hard way what large organizations already learned – being online is a responsibility and will eventually cost you something. What are the impacts of these hacks on your website? On your business?
The Effects of a Hacked Website
If you are a large organization, maybe you can quickly understand the impacts of a hack. Say you’re Facebook. What would be the value for a hacker? I’d argue a couple of things come to mind quickly – you have what is known as Personally Identifiable Information (PII) – always a good thing, and you have the ability to abuse the largest network in the world and affect millions of users worldwide. There are obviously a number of other motivations, but the point is the same. The objectives are clear and Facebook knows it, and so it invests heavily in its security. The impacts of such a breach could be devastating: think loss in ad revenue, loss in user adoption, etc. This is all common sense, right? It all just makes sense, but how does that translate to the rest of the online world? The 99% of us that don’t own Facebook-like properties?
When you speak to website owners, there is often a common trend in the responses you get:
– I don’t sell anything or store any information, my website is fine.
– It’s just a basic little site, with static content.
This is not their fault. To a certain extent, they do have a point. When you think about it rationally, why would someone bother? With those in mind, let’s talk about four potential impacts after a hack. These are things you might be aware of but, honestly, possibly haven’t given much thought to.
Be Mindful Of Your Audience
Maybe you write about puppies, or maybe you have a website to provide your clients with assurances that you are real. Whatever the reason, something has driven you to publish something that you feel is of some interest to someone, and you’re likely right.
In doing so, you have identified a potential audience and, as it is on the web, that audience will at some point find your website, whether you are a local gym posting your gym hours or a local restaurant showing today’s specials. The subset of people that have found their way to your website expect and demand a safe experience, even if they’ve never uttered the words.
The easiest way to digest this point is to think of yourself. Think of the websites you might spend your days visiting. Now try to fathom your feelings if while visiting a website you lost your life savings. Try to think of what you would feel like if someone stole your identity.
Should you worry about giving your visitors a safe online experience?
Google Does Not Discriminate
Contrary to popular belief, Google does not discriminate. Even if you do not sell, you are likely trying to achieve something. If you’re not, then what are your reasons for publishing online? Establishing a voice, sharing an opinion, or having a presence? What webmasters are almost always worried about is something known as Search Engine Optimization (SEO), more importantly how you rank on the Search Engine Result Pages (SERP).
Safe Browsing shows people more than 5 million warnings per day for all sorts of malicious sites and unwanted software, and discovers more than 50,000 malware sites and more than 90,000 phishing sites every month. – Google
You could, and will, lose in minutes all the hard work you put in to gain that SEO ranking. Just imagine that after a blacklist it could take you months to regain your position on these SERPs. Also remember that a Google Blacklist has the potential to kill almost 95%, if not more, of the traffic to your website.
Something Known as Brand Reputation
Regardless of your business, you have a brand. Whether you realize it or not, and regardless of the size of your audience, trust is an important piece of the puzzle. Many take this for granted, but it’s critical to the success of many businesses.
It can take years to build, and minutes to lose. A hacked website is notorious for destroying trust. Whether it’s a data breach or a drive-by download that infects the visitor’s desktop, the result of either action, or one of many more nefarious acts, will almost always lead to the same thing – a loss of trust in your brand.
Are you OK with your audience losing trust in your brand?
Hacks Cost You More Than Money
I think it’s human nature to think, “This is not meant for me” or “I’ll just deal with it when it happens.” I can tell you though, from years of doing this work and countless engagements with website owners, the cost of a hack is always more than you can ever imagine. The response security analysts always get is the same, “If I only knew it would be this painful.”
As a species, we are risk averse when it comes to gains, but risk seeking when it comes to loss… – Bruce Schneier
When we say cost, it’s important to note that it goes far beyond money, although that can be crippling as well.
No, instead I’m talking about things you will likely never appreciate until you experience them. Things like the emotional toll of not knowing what just happened. Things like the hours you will spend arguing with hosting providers, developers, security professionals; if they would all just understand how important it is to get back online. Things like the fear that you missed something in the cleanup process, which only becomes worse if you did and suffer repeated reinfections. Things like the new fear of being online at all, of using technology as a whole. All this is exacerbated by one simple thought, “Why didn’t I take precautions?”
As surreal as these sound, these are the real costs of a hack. The money is easy to account for; as a business you take that risk. The smaller the business, the more likely you are to take the risk; the larger you are, the more foolish it is to take it. It’s the non-monetary impact that catches everyone off guard.
Are you emotionally and mentally prepared for a hack? Is your business?
Accounting for Website Security Is Always a Challenge
When did running a business become so challenging? Purchase this tool, configure this feature, hire more people. It’s an endless cycle, yet a necessary one. As business owners it falls on our shoulders to make these decisions.
For us, there is nothing worse than getting caught with our pants down. This is exactly what I hear from our clients: no one ever told them that they had to think about website security. No one ever told them that this could impact their business.
Note to developers / designers: our clients depend on us as their trusted technologists, so it’s on us to educate and communicate the realities of having an online presence. Let’s be sure to do our part by introducing realistic expectations during the initial engagement process: Yes, the website will require maintenance. Yes, security is something you will be responsible for. Yes, having a website is a responsibility.
Summary of Hacked Website Impacts
Impacts of a compromised (hacked) website:
- Client data (orders, logins, passwords, social network accounts, etc.) becomes public or is sold on the black market. Clients themselves could also be compromised;
- The website may spread spam and malware;
- Google and other search engines may ban the website, block access to it or significantly decrease its weight, which leads to the loss of top search positions;
- The website runs a high risk of being blocked by the hosting company or taken down by a DoS attack, making it unavailable to visitors;
- Data loss, theft or corruption;
- Once a website has been compromised, it is much harder to be sure that you have cleaned it and that no backdoors are left open for the hacker;
- The website can spread content that violates the law, and the site owner will be responsible for it.