The web we’re building just ain’t secure. Odd, since so many organizations, from tech startups to tire factories to your municipal government, are so plugged into interactive websites and business web apps. You’d think we’d all take better care of it.
A few self-explanatory headlines just from the last few days illustrate the point:
- Hackers Deface Large Hadron Collider Website
- BusinessWeek Website Infected by Hackers
- Social Security Numbers Exposed on Iowa Website
Even our mobile devices that no self-respecting tech exec would be without are succumbing to hundreds of viruses: Mobile Malware – Coming to a Smartphone Near You?
As the Vancouver-based IT consulting firm Pacific Coast Information Systems Ltd. points out on its corporate blog, network firewalls and other typical security measures are not effective against attacks on web applications (Vaclav’s Blog). But these days, around 75 per cent of the attacks, often backed by organized crime, are against web applications. This is why industry analysts suggest that just one in 30 websites is “safe” right now.
And it’s not just business websites that are targeted – non-profit websites and individual WordPress and Blogspot blogs are getting hit all the time, if the forum filled with panicking and heartbroken posters at StopBadware.org is any indication. The StopBadware site actually has some good web security tips for protecting your site from the dreaded tag, “This site may harm your computer”.
Vancouver Techie blogger Jan Karlsberg also has some advice for WordPress bloggers (and companies running their websites off the WordPress platform) to protect themselves with a little code review. He knows, because his WordPress blog got hacked – and he fixed it. Some other WordPress anti-hack tips here.
The BCTIA also has some web security tips in their TechExperts section. The basic advice is for businesses and large organizations to build security into their web apps from the beginning with regular code checks and web app firewalls, and to fix the malicious code that gets past their best efforts at closing off vulnerabilities.