Web Security: Raising the Bar
Over the years I've continually stressed the importance of web security to our clients. To the point that some of you think that I'm paranoid.
But in this instance it's a case where the perceived paranoia should be interpreted as actually being in possession of the full facts. And of course, I have the relevant data to support those facts.
Remember that you don't see what I see on a daily basis. You're disconnected from it because I handle the process completely - so you don't need to think about it. But just because none of our clients have ever been hacked doesn't mean people aren't trying. They are! And it's my job to stop them!
But what am I up against? This image below is a screenshot of the security firewall in one of our clients' sites. Those statistics represent the hacking attempts made on that particular site within specific timeframes. And every one of those hacking attempts was blocked and the IP blacklisted.
So let's be absolutely clear that these threats are very real, and they need to be taken seriously. I take them very seriously indeed... do you?
Because throughout recent years the security threats to web sites and personal information have increased in sophistication, magnitude, intensity, volume, and velocity. In fact, 87 percent of IT security specialists worldwide believe that we're now in the middle of a global Cyber War!
This elite level of expertise, which was previously directed mainly at governmental and international corporate entities, is now spreading across into the mainstream of security threats that we have to face every minute of every day. The script kiddies and amateur hackers of yesteryear have now been usurped by a much more sophisticated and knowledgeable network of potential intruders. And they're packing a lot more firepower in their arsenal.
Faced with this additional level of threat we had two choices: Stick with the current system that has served us well for so many years and hope for the best. Or raise the bar to reflect the change in the status quo. As you would expect from us, we've raised the bar. A lot! So in addition to our normal (and very extensive) security processes, we've now deployed an industry-leading commercial security system.
Obviously I can't go into any detail on this openly, but it does introduce advanced intrusion prevention and brute-force protection to mitigate the new threat levels that we face.
From now on, all the individual security elements which were previously working independently are contained within a controlled and integrated server security environment, and the processes interact together should the threat change or evolve. Plus, it brings a lot of additional elements of protection to our servers, one of which is the ability to automatically send any infected files to a cloud-based analysis engine. The file is then automatically cleaned and sent back down to the server when the threat has been removed.
Obviously we hope we never have to use this aspect as our mission is to stop any threats before they reach that point. But it's still good to have processes in reserve... just in case.
So we have now created an environment where detection, protection, and reporting of security threats happen simultaneously and collaboratively. The system protects your web applications and personal data effectively against malware, botnets and hacker attacks at all times. And after speaking to the developers, it appears that we are the first provider in Spain to implement this system.
But we can only go so far, because you have a responsibility as well. Do not run outdated software and deprecated PHP versions on your accounts... you're just asking for trouble. And if you are running vulnerable software then all the security systems in the world are not going to help you because the application will just let the attacker in without triggering security. Essentially you've given them the key to the door.
We've always notified clients of this situation before their sites reach this stage. And if they choose not to update their software then that's their choice. However, we are then unable to provide hosting services for them any longer, as they're a risk to themselves and everybody else. We would of course find them an alternative host. Be assured that there are plenty of "Web Hosts" out there who don't care what their clients put on their web space... as long as the money comes in.
It comes down to this: Would you prefer your data to be within a secure gated compound... or a crack house? It's a no-brainer as far as I'm concerned!