Alex de Joode, security officer at global hosting provider LeaseWeb, explains why web designers should always be security conscious to combat internet threats
Evidence is everywhere that the number of cybercriminals remains a serious issue, and internet ‘bad actors’ are making a substantial living from their illegal activities. While it's true that many cyber criminals are focusing their efforts on individuals, other more dangerous gangs have set their sights much higher. These cybercriminals are targeting high-value businesses to steal closely-guarded intellectual property, log-in details, financial data and other sensitive information that resides within the confines of the ‘secure’ corporate network or web applications.
Every day, increasingly sophisticated variants of Trojans and malware emerge, craftily constructed to evade the security measures put in place by banks, online stores and pay platforms. The most common target for such attacks is Windows, because it offers the greatest number of users of most online services (banks, shops, payment platforms and so on). Nevertheless, Apple-based systems are becoming more attractive as the company’s market share grows, thanks to the launch of devices such as the iPad and iPhone. The growth of mobile devices such as these can only add to the business world’s security headaches.
There has also been a marked increase in criminals attacking popular sites and advertising engines to steal information and disable websites for political reasons. The recent wave of ‘hacktivists’ presents new issues for web developers, as many traditional organisations are now having their sites hacked.
Using a Distributed Denial of Service (DDoS) attack, hacktivists make websites inaccessible using botnets, and overwhelming the target site with server requests. However, recent anonymous attacks showed a new level of sophistication by recruiting volunteers to download a tool to create a "virtual" botnet, turning almost anybody into a potential hacker.
Steps to safety
So what can web developers do to ensure the safety of a corporation’s online network?
The first stage in solving the security problem starts with the development and design stage. If developers neglect to address all security issues, a future hacker will very likely exploit the flaw to extract confidential information from the website. To fix this problem, website planners must ensure their scripts are very well planned and tested, especially those parts that deal with private information. In many countries there are now legal requirements to ensure the privacy of medical and financial records.
Using a Digital Certificate (Digital ID) from a trusted certificate authority in conjunction with SSL encryption provides a very high grade of security for all parties involved in a transaction. Keeping Content Management Systems (CMS) up to date is also crucial and ensures other security aspects of the site are updated. Web developers ultimately have to keep increasing their knowledge of the system security of their platforms to protect end-users and their own clients. Web designers are an important line of defence in the war on cybercrime and have a serious responsibility to create a safe site.
It is also important to liaise with organisations that monitor illegal activity on the web, to keep abreast of new security issues. LeaseWeb sponsors the Community Outreach Project, which supports organisations that fight cybercrime by monitoring and sharing information with the hosting community regarding sources of malware and internet “badness.” This information is used to help identify potential security “holes” that may be weak points for attacks against customers. High quality hosting providers such as LeaseWeb are very concerned with ensuring customers receive a safe hosting environment and work with many concerned internet security groups to minimise security threats.
Collaboration is a key element in the fight against cybercrime. Whilst organisations can ensure they create safe and secure websites and online networks, combating malware is one way that hosting providers can make sure the internet is a better place for businesses, and other organisations that depend on a secure internet, to operate on a daily basis. It's important for everybody involved in the IT and web hosting industries to work together to comprehensively manage security risks.