holiday shopping online

Why Your Customers Fear Online Shopping

Ecommerce sites can look forward to overstuffed stockings this holiday season. Holiday sales are expected to increase by at least 4 percent this year, for an anticipated total of $1.04 trillion – and for the first time, online spending is expected to exceed in-store sales. In fact, consumers plan to spend 51 percent of their holiday shopping budget online, compared to 42 percent in stores.

Despite these trends, a recent study by SiteLock shows that nearly one in three online shoppers do not plan to shop online at all during the holidays.

Unfortunately, their fears are justified. SiteLock found that 27 percent of consumers worry about their information being compromised, and with good reason. The average website experienced 63 attacks per day in Q2 2017 – up from an average of 22 attacks per day in 2016. Many of these attacks include malware, which is software created for malicious purposes – such as stealing sensitive customer information. If you haven’t noticed any attacks hitting your eCommerce site, don’t be surprised. Recent trends indicate that malware is becoming more deceptive and difficult to detect. Out of six major malware trends identified in Q2 2017, four specialized in quietly breaching a site and maintaining a hidden presence. And don’t expect your customers to see evidence of malware on your site – 23 percent of infected malware files include a backdoor file, which allows cybercriminals to enter and exit your site without your knowing. It’s no wonder consumers worry about shopping online because they think their information will be compromised, as it could very well happen without any warning. Even more concerning, if your customers find out your site was at fault, you can also count on losing their business. In fact, 65 percent of respondents who have had information stolen or compromised due to online shopping no longer shop online or refuse to return to the site where their information was compromised, which is a loss most online retailers – especially small businesses – can’t afford.

A secure shopping cart isn’t enough to protect your website from attacks and safeguard consumer information. Fortunately, you can easily secure your site and resolve consumer fears in time for the holiday rush. SiteLock survey results reveal that 52 percent of respondents say a store that provides a secure payment network makes them feel more confident. As an online retailer, there are a few things you can do to help prepare yourself and protect your customers. For example, become PCI Compliant if you haven’t already. You’ll reduce the risk of fraud for your customers while avoiding a hefty fine that might cost you $100,000 or more. You can also use a website scanner to proactively check for malware or use a web application firewall with a CDN to help speed up your website and ensure only legitimate traffic hits your website.

Relieve your customers’ fears of shopping online this holiday season by taking proactive security measures, and ensure happy holidays for both your customers and your business!

Decoding Security 105: You’re Not Too Small To Be Hacked

Can your small business afford being hacked? According to CNBC, 50 percent of all small businesses have experienced a breach – and 60 percent of victims are out of business within six months due to the hefty cost of recovery. What makes small businesses such an easy target, and what can business owners do to keep their digital doors open? Find out in the latest episode of Decoding Security, as  Website Security Research Analysts Jessica Ortega and Michael Veenstra discuss small business cybersecurity, recent security news, and more.

You can learn more about cybersecurity in our previous episode, Endpoint Security. Check out past episodes of Decoding Security and subscribe for more on YouTube, iTunes, and Google Play!

endpoint security

Decoding Security Episode 104: Endpoint Security

In this week’s episode, we’re celebrating Halloween and National Cybersecurity Awareness Month with a scary question: what happens when cybercriminals attack the technology we rely on? Recent cyberattacks have targeted power grids and  Wi-Fi networks, but everyone, from organizations to individuals, can fight back with a complete cybersecurity suite that includes both website and endpoint security.

In our latest Decoding Security podcast, Website Security Research Analysts Jessica Ortega and Michael Veenstra share how to complete your security portfolio by protecting your business’s physical workstations and website applications with both endpoint and website security solutions. They also discuss recent Bad Rabbit infections and last week’s WordCamp Phoenix event. 

Missed our last episode: Securing Your Website? Don’t worry, you can now subscribe to Decoding Security on YouTube, as well as  your preferred podcasting service, including iTunes and Google Play!

And if you’re looking to complete your own cybersecurity suite, check out SiteLock INFINITY for a complete website scanning package!

security research

What is Cybersecurity?

As high-profile data breaches, such as Equifax, continue to dominate headlines,  the topic of cybersecurity – or lack thereof – has commanded greater attention. The word ‘cybersecurity’ has become the media’s latest buzzword…and for good reason. New research reveals that websites experience 63 attacks per day, per website on average – this is an upsurge from the reported 22 attacks per day in 2016.

It has become clear that regardless of a company’s size or industry, data breaches are inevitable. That said, it’s important to fully understand what cybersecurity is, as well as the different types of cybersecurity, so you can protect your business, personal information, and stay informed with what’s happening in the industry.

Read More

Decoding Security Episode 103: Internet of Things

Internet-connected devices can make our lives easier, from home assistants like Amazon Echo, to interactive toys like CloudPets. However, they’re also inherently insecure and easily hacked, a factor many overlook in favor of convenience.  In our latest Decoding Security podcast, Website Security Research Analysts Jessica Ortega and Michael Veenstra discuss the risks of using internet-connected  devices in our everyday lives, and the costs of security versus convenience.

Missed our last episode: Securing Your Website? Don’t worry, you can now subscribe to Decoding Security on YouTube, as well as  your preferred podcasting service, including iTunes and Google Play!

SiteLock Website Security Insider

Introducing the SiteLock Website Security Insider

SiteLock is excited to announce the publication of its first quarterly website security report, The SiteLock Website Security Insider Q2 2017!

The SiteLock Website Security Insider Q2 2017 includes analysis and trends based on proprietary data from over 6 million websites. The report delivers exclusive insight into the most common threats website owners faced in Q2 2017, including:

  • Malware Trends – Spam accounted for over 62% of total malware files on hacked websites in Q2 2017. This section explores malware breach incidents to determine the reach and severity of individual malware types and families.
  • Content Management Systems Risks – In Q2, 69% of infected WordPress websites were running the latest security patches for WordPress core at the time of compromise. We explore the increasing infection rates for various popular content management systems (CMS) in this section.
  • Plugin Risks – We found that WordPress websites with 20+ plugins are 3.6 times more likely to be compromised than the average website. Learn how the number of plugins can broaden a website’s attack surface and risk of compromise.
  • Website Attacks – Websites experienced 63 attacks per day, per website on average in Q2 – an upsurge from 22 attacks per day in 2016. This section discusses the common trends and prevalence of attack vectors.
  • Common Vulnerabilities – Websites with cross-site scripting (XSS) vulnerabilities averaged 74 vulnerable URLS each in Q2. Learn the prevalence of the top vulnerabilities websites faced in Q2 2017 and why they are so attractive for adversaries to exploit.
  • Social Media Risks – Websites linking to Twitter are 2.7x more likely to be compromised than the average website. As Twitter follower count increases, so does the risk. This section explores how social media can contribute to a website’s likelihood of compromise.

Research from this report will help website owners around the world prepare and respond to today’s ever-evolving cybersecurity threats. This report also presents security best practices that all website owners can leverage and easily implement into their current website strategy.

Click here to download your copy of the The SiteLock Website Security Insider Q2 2017!

secure your website

Decoding Security Episode 102: Securing Your Website

In light of the recent Equifax breach, you may be wondering how you can secure your website and prevent a similar event from happening to you. Join Web Security Research Analysts, Michael Veenstra and Jessica Ortega, for a refresher course on the basic steps every website owner should take to protect their website from hackers and cybercriminals.

If you found this week’s episode helpful, visit Decoding Security on your preferred podcasting service, including iTunes and Google Play, to leave a review and subscribe so that you don’t miss future episodes!

SiteLock

SiteLock INFINITY Wins 2017 Cloud Computing Excellence Award

We are excited to announce that SiteLock®INFINITY™ was recently recognized as a winner of the 2017 Cloud Computing Excellence Awards by TMC’s Cloud Computing Magazine. The Cloud Computing Excellence Awards recognize companies and products that most effectively deliver network security through cloud platforms and provide security for cloud based applications.

INFINITY is a state of the art malware and vulnerability remediation service featuring unique, patent-pending technology. INFINITY combines deep website scanning and automatic malware removal with unrivaled accuracy and frequency. Designed to scan a website from the end-user’s point of view, it catches any trace of malware before the user does.

Websites experience 22 attacks per day on average. That’s more than 8,000 attacks per year, per website, according to recent SiteLock data. SiteLock INFINITY provides always-on, continuous scanning to detect vulnerabilities and automatically remove malware the moment it hits. Once the initial site scan is complete, it scans again to ensure constant surveillance and protection with the highest degree of reliability.

Since 2008, we’ve remained dedicated to “protecting every website on the internet,” and SiteLock INFINITY helps us deliver on this mission.

Thank you to TMC’s Cloud Computing Magazine for honoring SiteLock INFINITY with a 2017 Cloud Computing Excellence Award!

 

SiteLock Podcast Equihax

Decoding Security Episode 101: EQUIHAX

Nicknamed “Equihax,” the recent Equifax breach is one of the largest data leaks in history, affecting millions of people. There has been a lot of discussion about proper incident response, and whether Equifax is following acceptable procedures.

In the debut episode of Decoding Security, SiteLock Website Security research Analysts Jessica Ortega and Michael Veenstra go beyond the cause of the breach to discuss what consumers can do to protect themselves now. And, even more importantly, what consumers can do to protect themselves going forward.

Listen to Decoding Security Episode 101: EQUIHAX

If you enjoyed this week’s episode, visit Decoding Security on your preferred podcasting service to leave a review and subscribe so that you don’t miss future episodes!

Malware

Apache Struts Vulnerability Found and Patched

A vulnerability was recently discovered in Apache Struts, a popular framework for web-based Java applications, which allows for remote code execution on affected servers and allows for complete control of the application. The framework is commonly used by large, sophisticated organizations such as Lockheed Martin and Citigroup, meaning the vulnerability could affect up to 65% of Fortune 100 companies, resulting in large scale data breaches and private consumer data theft.

Found by lgtm.com security researcher Man Yue Mo, the vulnerability stems from unsafe deserialization of user supplied data to the REST plugin, which allows API access to the Java application. Researchers contacted the Apache Foundation directly, allowing the plugin developers to patch the issue before widespread exploitation. As of this writing, at least one live exploit has been seen in the wild, and a Metasploit module was released.

Apache Struts joins a growing fraternity of widely used applications to see an API vulnerability this year, including WordPress and Instagram. WordPress shared a similar experience where the exploit was discovered before widespread attacks, but many users failed to update and suffered compromise and data loss. The Struts vulnerability is more complicated to exploit which should result in a less dramatic rise in attacks. Regardless, patches should be applied as soon as possible, as a proactive security stance is more effective.

Apache Struts users are urged to upgrade to version 2.3.34 or 2.5.13 respectively, and additional information is provided by Apache on the official struts webpage at: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34 and   https://struts.apache.org/announce.html#a20170905.

More sophisticated exploits are likely to occur as this vulnerability is examined. The best option for mitigation is to patch Struts as soon as possible to the recommended versions and regularly check for updates. Website owners should also consider adding a web application firewall and malware scanner to mitigate or reduce the severity of compromise.

SiteLock TrueShield customers are already protected against this exploit. Attempted attacks will be caught and blocked by the TrueShield WAF. If your website isn’t protected, call SiteLock at 888.878.2417 to get TrueShield installed today.

Page 1 of 28

Powered by WordPress & Theme by Anders Norén