Cyber-attacks against websites are perennial threats that any organisation with an online presence should guard against. Threat actors may target a website with possible intentions of gaining access to sensitive data, or using the application as a staging post to launch further attacks against users of the website. The common vectors of such attacks include brute-forcing of user accounts, cross-site scripting (XSS), cross-site request forgery (XSRF), SQL injection (SQLi), or exploitation of an unpatched vulnerability.
Such attacks may result in:
- Website defacement
- Loss of website availability or denial-of-service (DoS) condition
- Compromise of sensitive customer or organisational data
- An attacker taking control of the affected website
- Use of website as a staging point for watering hole attacks
Being compromised can damage an organisation's reputation and may result in financial loss due to eroded user trust and decrease in website visitors.
Measures to Secure Your Website
Organisations are advised to consider the following measures to secure your website:
- Ensure that all software or applications are patched and up to date. Organisations can also do this easily by enabling automatic updates, where available.
- Ensure that default passwords are changed for the website, router(s), server(s) and any other devices that are connected. Use a strong password of at least 12 characters which include upper case, lower case, numbers and/or special characters.
- Enable two-factor authentication (2FA), where available. This additional verification process helps to provide an extra layer of protection and reduces the chances of cyber criminals gaining access to the user's account.
- Validate user input, such as special characters and null characters, at both the client and server ends.
- Implement reCAPTCHA on your website to block spam bots or automated software from interacting with your online site. This can help stop spammers from overloading your online site or server with millions of bot requests and prevent it from going down.
- Implement the principle of least privilege and disable unnecessary accounts and privileges.
- Install web application firewalls and security plugins to block unauthorised traffic and malicious requests from accessing your network or system. These help to safeguard against threats like XSS, code injection, or brute-force attacks.
- Implement network segmentation and segregation to make it more difficult for attackers to move laterally within connected networks.
- Make use of website monitoring services that can give you timely notifications should your website experience downtime or issues with core functions. This can help to draw early attention to issues for mitigation and containment.
- Enable logging of system events to facilitate investigation of suspicious events or issues.
Ensuring Availability and Privacy of Important Data
Organisations that regularly back up their important data and keep it offline are less at risk of being seriously affected by website attacks. Depending on your organisational needs, maintain backup copy(ies) of your database and files regularly. It is important that the backup data is stored offline and not connected to your systems.
As an additional good practice, encrypt all sensitive data so that even if the data has been stolen, it is more difficult for attackers to physically access the encrypted information.
Keeping Up with the Housekeeping
Regularly monitor and review administrator-level accounts and privileges for access and activities. Remove any database, application or plugin files when they are no longer in use. Obsolete accounts should also be deleted. Regularly reviewing and performing such housekeeping activities can help in removing potential entry points for an attacker to breach your system and to detect abnormal activities quickly.
Responding to and Recovering from An Attack Against Your Website
If your website has been attacked, these steps may help in response and recovery:
- Put up a maintenance page to communicate that your website is down and that restoration is in progress.
- Take the web server that has been compromised offline to prevent deeper penetration within the organisation's network.
- If a backup web server is available, restore the website with the backup.
- Perform detailed investigation and forensics on the offline web server to identify the suspected intrusion point.
- Once the root cause has been identified, take action to remove the threat(s) to prevent future website attacks.
- Re-deploy the primary web server component and monitor for possible future website attacks.
- Take necessary steps after the incident to strengthen your security defences, and detect vulnerabilities before an attacker does. If done right, this will help you to limit the impact of future attacks on your organisation's operations.