Imagine a burglar, working deliberately and stealthily inside your company premises, inspecting your valuables, peering into company reports, and sifting through confidential information. Now imagine that burglar going unnoticed for 205 days. Implausible, isn’t it?
Not really. In 2014, hackers were on average present in their victims’ networks for 205 days before being detected.₁ This gave attackers free rein in those environments – ample opportunity to take what it was they had come for.
While attackers and security teams continue to play a game of cat and mouse, with attackers changing tactics as soon as new defences are put in place, the frequency and severity of website hacks continue to rise.
Is your website about to be hacked?
IT Governance has developed an infographic highlighting the threats surrounding website hacks.
Click the image below to view the infographic.
Everyone is now at risk
What has become abundantly clear is that hacking is no longer the preserve of master cyber criminals. With over 30,000 websites being hacked to distribute malware every day, everyone is now at risk. Malware enables criminals to begin a process of exploiting vulnerabilities that are commonly found on desktops, mobiles and laptops all around the world. 96% of tested websites have vulnerabilities,₂ which means that only a very small number of websites and applications are indeed secure.
Malware is now evolving at such a fast pace that it is difficult to keep up. McAfee catalogues over 100,000 new malware samples every day – that’s 69 new threats every minute.
Unskilled computer users can easily download and run hacking software designed to search for, find and exploit known vulnerabilities wherever they occur.
Knowing your vulnerabilities is the first step
An effective form of defence against these automated cyber attacks is regular penetration testing. Knowing your vulnerabilities is the first step in protecting them, so an organisation that conducts regular penetration tests stands a much better chance of blocking cyber attacks.
IT Governance offers website and infrastructure scanning and penetration testing services at a fixed price, and with discounted packages for repeat penetration tests you can rest assured that your website is protected. View our repeat penetration testing packages for cost-effective PCI and ISO 27001 compliance options.
₁Mandiant M-Trends Report 2015
₂CENZIC Application Vulnerability Trends Report 2014