Websites are a top target for hackers; if you are asking yourself why do hackers go after web applications, and why should you protect your web applications, then this article is for you. In 2018 web applications were the top hacking vector of all breaches, involved in approximately 70% of breaches, 71% of breaches were financially motivated, and strategic gains motivated 25%. These figures come from the 2019 Verizon Data Breach Incident Report, which we recently covered in more detail here.
1. Sensitive Information
Many websites collect, store, use or process confidential information such as payment cards, account credentials, personally identifiable information or health records. Payment card data and personal information are hot commodities in dark markets; they are easy to sell and can fetch high prices.
Any website that utilizes sensitive information in any way should undergo a penetration test to identify vulnerabilities and remediate them to reduce the risk of a data breach occurring.
2. Intellectual Property
Many organizations use websites to store intellectual property, and websites can contain secret company documents, vendor portals, customer portals, sales leads, or top-secret military and government plans. No matter the size or your organization and the type of secrets being stored, keeping the data secure is a must.
A breach in intellectual property may expose a competitive edge, damage reputation, compromise customer and vendor data, ultimately leading to a loss in business, and potentially fines and lawsuits. Read more about protecting your brand.
3. Malware Hosting and Delivery
You may be telling yourself that you don’t have any payment or personal information processing, don’t store intellectual property, your website is not connected to other networks or assets, and your business is small therefore no attacker could or would want to hack me. In 2018 43% of breaches involved small business as the victims, to read more about small businesses and hacking click here.
If an attacker compromises a website, they can use it to conduct attacks against other organizations and internet users. Hackers can host malware such as ransomware and crypto mining which can then be spread around the internet, with your website as the host. A compromised web server can also be used in hacking campaigns, with malicious attacks against other organizations originating from your web server.
4. To Learn
Attackers are always trying to improve their skills by discovering new vulnerabilities, practice newly learned skills in a real-world environment or test out the latest exploits in the wild. Attackers may prefer to focus on small businesses because they often have little to no security. This makes smaller organizations a prime target for giving the attacker the opportunity to test out the latest exploits and develop new hacking skills in a real-world environment instead of a practice lab. Once an attacker compromises your website, there is no telling what they may do.
5. Bragging Rights
Hackers like to show off for attention, bragging rights, and credibility amongst their peers. They might be showing off their technical prowess, how much money they made or hacking for a cause. One of the top reason’s hackers get caught is because they share their hacks and breaches online. Many high-profile arrests have been linked back to posting online or bragging by individuals or hacking groups alike. A NASA hacker was caught last year after bragging about the attacks online.
These are many more reasons why attackers will target websites, and more consequences not discussed in this article. Investing in security ultimately helps protect your business, our online blog features several articles aimed at educating professionals about modern cybersecurity risks every business or organization faces. Read more on understanding why your business needs a penetration test or how to choose a penetration testing company and contact us for more information.