IT security is one of the topics we hear about the most and we spend a lot of time and effort making sure our customers are not at risk. We also devoted an article to this topic “Avoid being hacked, is it possible?” where all the steps to reduce the risk were detailed.
That said, all too often we meet smaller companies that have the (wrong) mindset of ” My company is far too small and not influential enough to be the target of hacking “. Honestly, nothing could be more wrong.
The article quoted above said it loud and clear: ” In contradiction to popular belief, being self-employed or a multinational company has very little impact on the chances of being hacked. There are many reasons to hack a site and that’s why basically EVERYONE IS A TARGET. The theft of information is often the main reason for hacking large companies. On the other hand, resource theft now means that we can all be victims. But what is resource theft?”
An increasing number of websites are attacked every year: some data to support this
The 2022 annual report produced by the security company SiteLock, analyzing about 7 million websites, which mentioned that a website is attacked on average 172 times a day. The news is not very encouraging as we learn that it is an increase of 210% compared to the year 2020.
When you have an infected website, it is important to know that search engines such as Google and Bing have some “malware” detection mechanisms in place. When a search engine detects that a site is infected, it is automatically blacklisted and removed from the search results so that it can stop further contamination.
According to the SiteLock report, only 8.49% of the infected sites were blacklisted. But how is that possible? “First of all, you have to know that a search engine is not an antivirus. In addition, you have to understand that you can infect a site in order to use the resources of the hosting account rather than trying to infect visitors,”explains Jean-François Arseneault, co-founder of SatelliteWP.
Using your hosting account to SPAM or cryptocurrency mining, for example, is an actual thing. “It’s important to reiterate: no website is too small to be hacked” mentions Neill Feather, president of SiteLock.
Cybersecurity: a lack of commitment from web designers?
But why are so many sites being hacked? While different scenarios can be considered, a Sucuri survey done in 2020 showed that 44.3% of web professionals do not talk about security before starting a new relationship with their clients.
While central to successful websites, security is often addressed as something of a secondary concern. When you dig deeper, here’s what you can learn (with some shock) about the web professionals who answered Sucuri’s survey about their client’s website security:
- 14.8% do not talk about security with their customers;
- 12.8% mention the security aspect when creating the website;
- 7.4% address when a security incident occurs;
- 6.0% address security once the site is launched;
- 3.4% mention security when asked by the client.
While these numbers are quite concerning, it doesn’t mean that web designers don’t have their client’s best interests in heart. This can be explained by a lack of knowledge in that field among web creators « Web design and integration are two separate domains that have no connection with security matters. People often mistakenly think that a web designer should have known all the security measures in order to protect a web site when in fact there is another profession that specializes in web maintenance. ” continues Jean-François Arseneault.
How to protect my site from cyber attacks
You can’t stop cybercriminals from attacking your website, but you can stop them from succeeding! Nothing should be taken for granted and you should have a clear strategy in order to keep yourself up to date and reduce the risks for your business and your customers.
Over 60% of the sites analyzed were vulnerable at some point during the year, an increase of 4% compared to the previous year, according to Sucuri’s 2019 research report.
Are WordPress updates important? The short answer is: yes.
However, it is also important to do them properly. You can make sure that everything will be done properly by getting a WordPress maintenance plan for your site by entrusting it to professionals. As long as you make regular backups and keep your environment up to date, the risks will be minimized. It is a constant effort to be made each and everyday! But in the end, it’s worth it!