Let’s say that you are the owner of an SMB. You have a website that gets modest traffic, most of which you determine comes from your existing or potential customers. They browse your wares and offerings, and can purchase them directly through your website.
Let’s also say that security for your company’s website really hasn’t been one of your major concerns. You think to yourself, “Why should it be?” You service a small, yet steadily growing user-base. You don’t think you would be on a hacker’s radar for a million years.
You are one of the little guys, right? Why would a hacker target you? Why would they go after your assets or customers when there are much bigger fish to fry?
The cold hard truth is that hacking isn’t like it used to be. It’s not one kid going after a particular site, trying to break through firewalls to poke and prod around to find some secret military installation or the like.
Today, a majority of hackers, if not all, are using programs that automate their attacks. They use networks upon networks of hijacked “zombie” machines to do the dirty work by probing the Internet 24 hours a day, seven days a week, looking for common Web application vulnerabilities. And they don’t distinguish between businesses by size, be it large or small. Every online business has the potential to make them money now, or down the road if they can get through the defenses.
They are looking to do one of two things: smash and grab (passwords, credit cards, user names, user data, etc.) or establish a long-standing foothold where they add hidden code that infects every one of your site’s visitors, every time they visit your site!
Did you know that every month security researchers find over 400 new common vulnerabilities that can be exploited by hackers? Over 400! Every month! That’s almost 5000 new “COMMON” vulnerabilities a year!
If you aren’t scrubbing and evaluating your site during production, before it goes live and every few months, you are just giving away the farm. It may not be today, but it will happen and it could put you out of business. And as your business grows, you will become increasingly dependent on Web applications. If you take the necessary steps to institute a prevention plan now, you will be protecting your own business and your number one asset—your customers.
You may think you cannot afford it, but just so you know, Cenzic provides a free evaluation of Hailstorm, our pro-level evaluation software.
With Hailstorm Pro you can:
- Test attack resistance, regulatory compliance and conformance with internal security policies all from your own desktop,
- Detect more vulnerabilities and reduce false positives with Stateful Assessment™ technology,
- Schedule assessments while applications are running, with no downtime, and
- Reduce costs with automated penetration testing for both commercial and custom applications.
Do yourself and your customers a favor and try a free week of Hailstorm Pro…it’s on us.