Hacking costs the American economy $100 billion a year. Of the most recent cyberattacks, an unknown entity operating under the ISIS name hacked into the WordPress websites of several businesses and government organizations. Andrew von Ramin Mapp, computer forensics expert and CEO of Data Analyzers, shares his insight on the cyberattack and how to keep your website safe.
Websites remain the digital storefront for businesses and organizations and, in regards to cyberattacks, small businesses face a higher risk. According to a Symantec 2013 report, small businesses were targeted in 30 percent of all cyberattacks. Small businesses and other organizations may wonder if they're intentionally targeted by hackers.
"In most cases, hackers do not have a direct agenda against your organization. They want to disrupt any institution at any level," said Andrew von Ramin Mapp, CEO of Data Analyzers. "In the WordPress hack, hackers leveraged a WordPress plugin vulnerability to access the websites. They used easy entry points in order to cause maximum damage."
It is important to point out that cyberattacks can be avoided with the right protection. In the wake of the WordPress attacks, the FBI released details of the incident citing their belief that the hackers may have used the ISIS name to gain more notoriety. The FBI also provided a few ways to keep a site safe from attack including updating WordPress plugins.
In addition to the FBI's outline of defense, von Ramin Mapp offers these four tips for those looking to protect their website:
Educate employees – 58 percent of cybersecurity incidents were caused by employees. A simple security checklist for employee reference can help prevent employee errors.
Communicate with vendors – oftentimes the attack comes through a third-party vendor who does not employ thorough computer security practices.
Perform a website vulnerability assessment – an assessment locates open holes or misconfiguration issues that a hacker can exploit if left unchecked.
Employ a back-up solution – in case your site is compromised, a cloud-based service can hold your website's data in another location.