Imagine the surprise of a small business owner when the first thought that they could have been hacked enters their mind. Their journey from suspicion to discovery can span days or weeks, but in the end, it always means big problems for the unsuspecting business owner. Unfortunately, this is the reality for hundreds of businesses every year. In fact, it happens every day – 14 million US businesses are at risk of a cyberattack at any given time.
Jody Steinhauer knows this first hand. She is the founder and Chief Bargains Officer for Toronto based Bargains Group Ltd. When her business was hacked in October 2016, it wasn’t as simple as a “you’ve been hacked” message spanning across her computer screen. Even after noticing some suspicious website activity, the revelation that they had been hacked was not immediately clear. It was not until Jody received a Google Alert about her business and followed the trail to another company website when she realized there was a problem, a problem well beyond her expertise.
It was a colleague of hers that said the words – “you’ve been hacked.” Fortunately, or unfortunately for Bargains Group – within days of the hack, Google identified the suspicious activity and blacklisted the website from their searches. Years of rank building and search engine optimization work was gone in an instant which meant lost sales and a big blow to the company’s reputation. In fact, their entire online footprint was gone in a matter of days. This sparked concern from clients and friends, thinking they had suddenly gone bankrupt and closed their doors. As an online business, this could be a devastating loss.
Picking up the pieces
If you suspect or discover that your business has been hacked, what are you supposed to do next? For many small to medium businesses, a plan is not in place to prevent and respond to this type of crisis and will cause the situation to snowball out of control. Hackers are often financially motivated, and they may hide malicious payloads in your web application alongside existing code to avoid discovery. The longer the code remains undetected, the longer they can maintain control over the website.
Once an attack or breach has been identified swift action to stop the attack, isolate and preserve systems in their current state must be taken. Stopping the attack will help prevent further damage to affected machines and reduce the risk of infecting more systems. Preserving systems in their current state will allow incidence responders to investigate attacks, gain evidence to learn how attackers breached their systems, what actions attackers performed in the environment, aid in removing the attackers and help prevent future attacks through lessons learned.
Practicing proactive prevention
In almost all cases, developers will indicate the website is secure; but this must be technically verified using application security testing. Having a proactive approach to security that involves regular patching, educating employee’s and end users, conducting security assessments, and remediating identified vulnerabilities is a great path to staying ahead of hackers instead of becoming the next victim. Recovering from serious attacks can range from several months to two years in order to remove an attacker’s presence and restore normal operations along with high costs of bringing in a highly specialized incident response and recovery team. While is not feasible for many small businesses to hire security resources, outsourcing recurring security testing and maintenance of your website maintains visibility into the overall risk of compromise. By outsourcing this task, you gain the experience of trusted professionals that are trained to think like attackers with collective expertise using the latest testing methodologies to discover vulnerabilities, misconfigurations and weaknesses in applications and supporting infrastructure.
At Packetlabs, we provide various services including penetration testing and application security testing which both simulate cyber-attacks, mimicking real-world situations. This type of testing uncovers countless vulnerabilities which may lead to the compromise of services and applications, allowing organizations to patch affected systems and prevent attacks before they occur.
Interested in learning more about how penetration testing can uncover weaknesses in your system? Contact us for a free consultation!