Business Web Sites Often An Open Door For Hackers
Cyber criminals have a variety of ways to break into corporate networks
, and do so on a routine basis. In response, businesses put in place firewalls and other mechanisms to offer at least some protection against hacking.
But it appears that businesses' web sites are particularly vulnerable to attack, and that hackers are using sites intended for legitimate customers to wreak havoc. A hacker can examine the design of a web site to discover ways he can take advantage of valid functions of the site to perform exploitive, if not illegal, actions.
Known as business logic abuse or precision hacking, the practice is widespread partly because web sites have to offer functionality to authentic customers, and partly because it is difficult to prevent without inconveniencing those customers.
Because the concept can be a little fuzzy, let's look at a real world example of alleged business logic abuse: The BBC reported that in Brazil, a government agency responsible for issuing logging permits in the Amazon rainforest decided to go paperless, putting the permit application process on the web. After the change, hackers employed by logging companies infiltrated the web site and issued fake permits that went above the limits on logging actually set by the Brazilian authorities, according to accusations by the environmental group Greenpeace. So, the hackers allegedly used a legitimate function of the web site to commit malfeasance.
According to a report on business logic abuse released by the Ponemon Institute, 88% of corporate IT experts surveyed said that business logic abuse is as or more important than other security issues. Yet only 31% of respondents agreed or strongly agreed that "my company has sufficient technologies for minimizing business logic abuses."
Furthermore, survey results seem to indicate that few companies are either monitoring their web sites effectively or dedicating enough financial resources to the problem.
Such an approach from the C-Suite is short sighted, because precision hacking can have a direct affect on the reputation and bottom line of a company. For instance, a hacker may be personally opposed to some practice or policy of a corporation, and seek to harm its brand or reputation through exploiting its web site. Or, the hacker might just be looking for a vulnerable web site through which he can steal money or personally identifiable information.
In the survey, a whopping 90% of respondents said their company had suffered financial loss as a result of precision hacking. A full quarter of them reported at least a 5% revenue loss.
With such large sums on the line, one would think that companies would have protection against this type of loss. Cyber liability coverage does just that - paying claims stemming from business interruption, brand damage, notification costs when customers' data has been breached, and numerous other causes. But ironically, only about 2 to 3 in 10 firms carry cyber liability insurance.
An introduction to some of the issues surrounding such coverage can be found in an article titled "What is Cyber Insurance?"
IT security and loss prevention experts all concede that it is impossible to fully protect against hackers, and even large corporations routinely fall prey to cyber criminals. So while it makes sense to take steps towards shoring up your company's digital security, you should also get insurance to protect in the event that your business is successfully breached by a hacker.
by: Steve Haase
Use Of Custom T-shirt As Business Promotion Medium How To Run Your Business Start-up Successfully Cash Flow Forecasting: To Make Your Business Work With A Net Cash Inflow Devise Strategies Check On Your Finances To Save Your Business From Crippling Down Management Consulting Will Bring Your Business Organization Back On Track Important Tips To Grow Small Business Modernize Legacy Code And Update Your Business Processes Writing A Business Plan Is Essential For Any Business How Outsourcing Payroll Services Can Prove Beneficial For A Business? Hp Lto3 Tape Enhancing The Productivity Of Businesses Hair Salon Design: A Most Important Things To Consider Before Start Your Business Tips On Installing Office Phone Systems For Your Business How A Calendar Makes An Impact On Your Business?