You, a creative entrepreneur with a great idea, finally launch a business. For a startup, having your own website is essential to conducting business. Startups must always take extra precautions when it comes to their web security. Because startups are the perfect targets for hackers, your website should be protected as soon as it is ready to go live. For a startup or a small business, unlike for a large corporation, a web attack can mean the end of a great beginning. For this reason, web security should be prioritized as part of your product development from the very start.
Many startups use CMS tools like WordPress and Drupal to launch their website. WordPress is arguably the most popular, comprising over 26 percent of all website usage. Due to its multisite option, plugin versatility and ease of use, many startups and small and medium-sized businesses rely on the platform giant. But its popularity also attracts hackers in large numbers, and even having a CMS as large as WordPress powering your website does not make you totally safe from web attacks.
As a startup using WordPress, you are most vulnerable to… plugins.
From the moment your website goes live, bots scan it. And you guessed right, not all bots are good. The “good” bots crawl your website and can be valuable when it comes to search engine rankings; however, the “bad” bots are out to exploit vulnerabilities.
Imperva Defense Center released an interesting but frightening report on a blackhat SEO campaign. Hackers can use sophisticated techniques, combining SQL injections, comment spam and crafty CSS and HTML tricks, to conceal their malicious activity from your visitors and, more importantly, from you as an administrator. You may be asking, “Why are they targeting me?” In reality, these kinds of web attacks are not personal but arise from preexisting vulnerabilities.
Hackers are out for monetary gain, exploiting the vulnerabilities in your website along with thousands of others to illegally promote and ratchet up the search engine rankings of their clients’ websites. This is only one instance in which web vulnerabilities are exploited. As hackers’ techniques become more sophisticated, the presence of these malicious bots brings forth much more damage than this blackhat SEO campaign.
WordPress plugins can make your website susceptible to web attacks if you do not update them regularly or if you install plugins from non-reputable sources. Just last month, a ransomware known as CryptXXX, which first surfaced in 2014, returned at an alarming rate. A report by Invincea found that the Revslider plugin, which is commonly used on WordPress websites, was susceptible to this ransomware. As a result, CryptXXX began specifically targeting WordPress websites.
Oftentimes, startups are quick to dismiss their need for web security, but web attacks can destroy a business that relies on operating a fully managed website using WordPress. In a recent survey by the University of London, 40 percent of executives said they don’t feel responsible for the repercussions of hackings. As shocking as this finding may be, your startup can take on a different outlook by taking precautionary measures. Instead of blindly trusting in the security of your CMS, strongly consider incorporating web security members into your product development process before it’s too late.
About the Author: TJ Jung is the VP of Product and Technology at Cloudbric, a cloud-based web security service that provides elite protection for small and medium-sized businesses. Jung has over eight years of experience in the security field and enjoys hiking in his free time.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.