Website Security Roundup: What We Learned in 2021
2021 has been quite the year for online technology. Cryptocurrencies entered the mainstream and experienced record highs. Facebook changed its name in the latest step in its quest for world domination, and 5G continued its rollout to deliver faster mobile connectivity than ever before.
However, 2021 may well go down in history as the year cybersecurity became the number one challenge businesses face.
There are lessons to be learned. Here in our website security roundup, we present four ways in which the events of 2021 will shape the cybersecurity world heading into 2022 and potentially long into the future.
1. Every Business Could Be a Target
Cyber attacks remain a relatively new threat, and people who have been in business for a while might become complacent. Attacks were previously relatively rare, and nothing has changed on their end, so why would they become a target now?
61% of small businesses in the US suffered a cyber attack of some description in 2020, a number that will undoubtedly have increased in the past twelve months. Over 40% were attacked more than once, and 83% admitted to not having the resources set aside for recovery.
At the other end of the scale, large businesses are certainly not immune. For example, LinkedIn, owned, of course, by Microsoft, lost personal data belonging to over 700 million users in June, or approximately 92% of its entire user base.
Twitch, owned by Amazon, found almost its entire code base exposed in October 2021.
Generally speaking, smaller businesses suffer more hack attempts as there are more of them. However, larger companies suffer more significant breaches because they often have more valuable data to steal.
The bottom line is that if Microsoft and Amazon properties can suffer massive breaches, especially with their experience with Azure and Amazon Web Services, respectively, anyone can be a target. Perhaps the biggest lesson surrounding website security in 2021 is that if your business relies on the internet in any way, it’s time to prioritize cyber protection.
2. Dealing with Attacks is Becoming Increasingly Expensive
Virtually every cyber attack is financially motivated. While businesses may suffer the occasional bored hacker that merely wants to replace a business website with an unrelated image or a disgruntled employee that ‘loses’ their login credentials, most attacks have a financial incentive.
It’s a lucrative business, too. A 2020 report predicted that cybercrime would cost global companies $6 trillion in 2021. That’s up from $3 trillion in 2015, and the number is only heading upwards.
The Colonial Pipeline ransomware attack made headlines earlier this year, illustrating that the impact of cyberattacks is not always merely financial. The attack resulted in a payment of $4.4 million to cybercrime group DarkSide.
However, the owners of the Pipeline got off relatively lightly. Following a ransomware attack in March, CNA Financial, one of the largest insurers in the country, paid $40 million to regain access to its systems.
Ransomware has made enough of an impact in 2021 to warrant its own entry, which we’ll come to in a moment. However, it’s not the only source of expenses. For example, 60% of small and medium businesses that suffer a cyber attack never recover and ultimately go out of business within six months. Some lose their data and can no longer operate. Others cannot afford the ransom. Some simply don’t have recovery plans in place should an attacker strike, and the downtime becomes unrecoverable.
Data breaches themselves can prove costly. The average cost in 2021 was $4.24 million, a significant rise from $3.86 million in 2020 and the highest figure in the history of IBM’s reports.
Just a week of website downtime can often prove fatal for even the smallest businesses. Seven days without cash flow can be devastating, especially in a year that has proven as challenging to the corporate world in other ways as 2021.
The lesson here going forward is that it may well be better to invest further in cyber defenses now than to wait for the worst to happen and attempt to recover afterward.
3. A Continued Rise in Remote Working Will Present Further Cybersecurity Risks
It’s widely accepted that there’s a link between the rapid rise in remote working and cybersecurity challenges. With staff working remotely, businesses have less control over what their employees do and often rely on external devices to get the job done.
In website terms, this has resulted in more corporate sites being accessed remotely. There’s a higher risk of credential interception on public networks. Property theft, potentially involving sensitive information, is far more likely in public spaces than secure office environments.
A widespread planned return to work hit a roadblock in September with the discovery of COVID’s Delta variant. In October, Microsoft postponed its return-to-work plan indefinitely. Apple, Amazon, Google, and Facebook followed shortly afterward, indicating that offices wouldn’t return to anywhere near total capacity until 2022 at the earliest.
A key challenge facing businesses is that cyber attacks rely on remote access, yet companies may have to weaken their own defenses or otherwise alter their operations to enable employees to continue work on the website.
This potentially points to the need for more significant investment in secure remote infrastructure and a more robust strategy around protecting a website in the event of an attack.
4. Ransomware is Increasingly Becoming the Weapon of Choice
Were the results not so alarming, ransomware could even be considered a marvel of software. With just a relatively minor entry point, it can take over entire networks in a matter of seconds, rendering data inaccessible and unusable without a key.
It has risen hugely in prominence in 2021 for numerous reasons, and businesses of all sizes should be concerned by the figures involved. The volume of attacks globally increased by 151% for the first six months of the year compared to the same period in 2020.
Attackers favor the tool for one simple reason: it doesn’t matter what your data is worth to them. A username and password combination acquired in a data breach is rarely worth more than a few cents. However, it could be worth much more to the site in question.
Given that the focus of this feature is on websites, consider the value a website brings to a business. Should ransomware gain access to a server and successfully encrypt a website, it’s no longer available.
The first consideration is the cost of downtime. Let’s say a small business sells $10,000 of products through its site each week. Three weeks of downtime leads to a cost of $30,000, and that’s without considering intangible expenses. Companies might lose search rankings. For companies with an offline presence, a potential visitor may check the website and assume the company no longer operates.
The website itself is worth close to nothing on the black market – anyone could come along and freely copy the code without committing any greater crime than copyright infringement. However, it’s worth tens of thousands to the business behind it.
Suddenly, if no backups are available and the entire server has been compromised, a ransom payment becomes the path of least resistance.
Ransomware removes the risk of breaking into a house and finding there’s nothing inside worth stealing. It’s more like stealing the key to the house and refusing to grant access without receiving a payment.
Fortunately, when planned for and addressed strategically, ransomware doesn’t have to be overly challenging to overcome.
Secure Your Website for 2022 and Beyond with Vervology’s Website Security Roundup
If your website is the cornerstone of your business, there has never been a better time to invest in protecting it. Unfortunately, many small and medium businesses lack the resources and expertise to develop comprehensive website security strategies, and that’s precisely where Vervology can help.
Our Vervology.Care plans are designed with website security in mind. Every tier of protection includes daily backups, rendering ransomware almost useless, and round-the-clock uptime monitoring to ensure that it’s possible to address it immediately if something does go wrong. Each package also includes regular updates to themes, plugins, and core files, ensuring that vulnerabilities that attackers may look to exploit are closed as quickly as possible.
There’s a Vervology.Care plan for websites of all sizes and security requirements. Sign up now to commence website protection immediately, or get in touch with the Vervology team to discover how we can make website downtime, for any reason, a thing of the past.