of automated attacks
The Internet is becoming an increasingly important part of our society and economies. Technological progress and the migration of every part of society, from business and government agencies through healthcare to finance, onto the Internet is a powerful engine of cybercrime.
In addition, the relative impunity enjoyed by offenders further fuels the trend. Cybercrime is, sadly, also a fairly easy business: a great many websites contain amateurish security vulnerabilities that can be exploited by virtually anyone after watching a few videos on YouTube.
For these reasons, websites are an easy and frequent prey for attackers. A small website is not a valuable target by itself, but in bulk, small websites offer easy targets with weak security and hold a lot of valuable data, such as user data (an e-mail address typically fetches about 0.6 EUR/pc on the black market). Websites can also be misused for other purposes, such as spying on users, spreading spam, or serving as a base for DDoS attacks on other sites.
Beyond material damage, an attack is often capable of causing considerable damage to reputation and a loss of customers, as some e-shops have experienced.
The attacker often does not have to be a professional or an organized group; it can easily be a student who does it for amusement. Most often, however, it is automated malware that gets into your system because of insufficient security measures at the architectural level. The second most common intruder on smaller projects is an automated robot scanning the Internet and looking for weaknesses.
As soon as such a robot finds a weakness, it either exploits it immediately or notifies its operator for a potential later targeted attack.
Ways of data misuse and access
How to protect yourself
In contrast to dealing with the damage caused by an attack, protection and prevention are usually fairly cheap, and investment in them plays, in effect, the role of insurance.
Attacks target both the technical side of things and the human factor, the latter typically in the form of fraudulent e-mails and similar. There are a number of measures against both kinds at the level of site architecture and program code that help prevent them.
In addition to the developer's work, maintenance is also important: keeping the individual components of the website updated and testing the website's security periodically. Besides new features and enhancements, an update also brings security patches for known vulnerabilities, which are often publicly documented on the web. An out-of-date version of a component therefore represents an easy-to-exploit vulnerability.
For card payment sites, we recommend quarterly audits in accordance with PCI standards and regular malware monitoring.
Besides knowing how to write secure code and the principles of designing a secure application so as to minimize the likelihood of an attacker breaking into the system, we verify the security of our applications with penetration tests before handing them over to the client.
Legal dimension
With the advent of the GDPR, users whose data has leaked or been misused have been given an effective tool for enforcing compensation. In the EU, it is typically 1 000 up to 60 000 EUR.
Specifically, the GDPR lays down the obligation to adequately protect the data and also to monitor and report major incidents.
Thanks to a number of services that monitor data leaks, such as the one built into the iPhone operating system, users increasingly learn about a data leak within a short time after the incident has occurred. That brings an increased risk of lawsuits.