Why You Are The Ultimate Website Security Attack Vector
Updated October 11, 2018
Putting in place sufficient measures to protect your website electronically is an oft-overlooked, critical component in protecting your website – but YOU are the largest attack vector (risk factor) when it comes to your site being compromised.
Read on to find out about common attack vectors, what you can do to avoid being a victim, and how a heaping helping of common sense is the best recommendation we can make!
Popular Attack Vectors
If you read the news, you’ll believe the popular security statistics which show the most common attack vectors to be:
55% Cross-site Scripting
53% Information Leakage
36% Content Spoofing
21% Insufficient Authorization
19% Cross-site Request Forgery
16% Brute Force
12% Predictable Resource Location
11% SQL Injection
11% Session Fixation
11% Insufficient Session Expiration
While these statistics aren’t wrong – they don’t explain the role you play in keeping your computer, website and network secure. These stats only paint part of the picture.
You As The Attack Vector
Attack Vectors are the ways and means in which a hacker is able to compromise a computer, system or network. When we talk about attack vectors, we’re actually talking about what hackers do to gain access to your site – and what they do once they have access.
The average office worker receives 121 emails per day. Being a popular attack vector, 1 in 131 emails contains malware. This gives each office worker roughly one chance per day to open the wrong email, click the wrong link and become a malware victim, each and every day. Multiply that 1 chance a day times the number of office workers (about 75 million in USA alone) and you have 75 million opportunities for malware to spread.
Keep in mind that malware can range from innocuous, irritating things that cause you inconvenience on your local machine – think browser hijacking, resetting your homepage, or emailing people in your address book, all the way up to ransomware that encrypts your machine and won’t release control unless you pay – or which passes your login details for managing your website(s), giving someone the ability to remotely control of your web server.
With email, you have control of what client you use, whether it’s updated, whether your operating system is updated, whether your’re running an antivirus that scans email – or not. You are the weak link in the chain – so you have become a preferred attack vector.
In the early days of the Internet, people would spend considerable time browsing sites, clicking links to other sites, and surfing site to site, without using a search engine to help guide them. With the advent of Bing, Yahoo, Baidu, Yandex and Google, things have changed. We now rely on search results to guide us to what we seek.
Then again, in the early days, when you clicked a ‘bad link’ it most likely would take you to a Rick Astley video (Never Gonna Give You Up) and would have said to have been rickrolled. No harm, just a laugh. But those times are largely a thing of the past.
In the modern day, hackers make good money by getting you to visit a site different than you expected, get you to click a link for an advertisement you weren’t really interested in, or get you to install software that you certainly didn’t want or need.
Because people have come to trust search engine results – they tend to indiscriminately click anything found in the first page of search results. If a hacker can get a site to rank in Google results, they can get you to visit and then it’s GAME ON.
Did you know that, “There is a hacker attack every 39 seconds, affecting one in three Americans each year.”? 20% of hacks involve the theft of credit card numbers. Hackers can expect to earn anywhere from $1 to $450 per (person’s) record they hack, depending on the extent of the information.
Think before you click!
We, as an Internet society, are media addicts. We consume videos, watch news, listen to music, download themes and memes, filter our selfies and a hundred other common types of media. We just can’t seem to get enough!
Some people chase the latest Top 40 hit music tracks on the charts, and try to download them without paying for them. For others, it’s the latest box office movie release – again wanting to download it without buying or going to the cinema.
This desire to freely download media is what drives some of the most common malware/ransomware/browser hijackings of anything on the planet.
There are many ways hackers use technology to compromise systems, but at the root of many is the basic human need to get what they desire. Think before you click!
When it comes to hosting – choose a plan that fits your needs and host that understands all aspects of security. Whether it’s low-cost managed shared hosting, a managed VPS or top of the line managed dedicated server hosting, consider KnownHost – where your security is taken seriously day in and day out…