What causes a small business website to be hacked by cybercriminals? To answer this question, SiteLock analyzed 6 million websites and identified alarming trends in attacker behavior and tactics. The SiteLock Website Security Insider Q4 2017 reveals what these trends mean for your business, and provides simple tips to protect your website from complex cyberthreats.

Check out a brief summary of key findings below, or download the complete report to read the research in full.

Prevention is the best protection

The average website is attacked 44 times per day.

You can’t prevent cybercriminals from attempting to attack your website, but you can stop them from being successful. Websites experienced 44 attacks per day on average in Q4 2017, a 25 percent decrease from the previous quarter. Despite this decrease, a single website can still experience 16,000 attacks in one year alone.

“A decrease in attacks does not mean that websites are safer. In fact, it may even be the opposite,” says Neill Feather, president of SiteLock. “Hackers are constantly trying new avenues and even leveraging older tactics that continue to be successful. As our research shows, cybercriminals are now able to successfully breach a site with fewer, more targeted attacks. Now more than ever, businesses need to evaluate their current security posture and ensure they have both the right technology and a response plan in place should a hack occur.”

Taking basic precautions, like updating any plugins and themes to patch vulnerabilities, will reduce your chances of a successful attack. Additionally, a website scanner can find malware on your site, helping to mitigate threats in real time. By staying vigilant and proactive about protecting your website, you can decrease the chance that one of those 16,000 attacks will impact your business.

Searching for malware

Only 19% of infected websites were blacklisted by search engines.

There’s one method of malware detection you should never rely on: a search engine. Search engines perform basic website scans as a means of protecting users from harmful websites. This is done as a courtesy for website owners, but it’s not the intended purpose of a search engine. Yet many website owners assume that a search engine will alert them if malware is on their site. Unfortunately, by the time they find out, it’s usually too late and their website has been blacklisted.

Blacklisting means more than just a malware infection –your search rankings, traffic, and reputation could take a major hit as well. Since this can be devastating to a small business, search engines will always err on the side of caution before blacklisting a site. In fact, search engines are so cautious, they only notified and blacklisted 19 percent of infected websites in Q4 2017, down three percent from the previous quarter.

“Many website owners remain unaware that website security is their responsibility and rely too heavily on popular search engines and other third parties to notify them when they’ve been compromised,” said Jessica Ortega, security analyst at SiteLock. “It’s important to remember that security is not the primary role of a search engine. In addition to leveraging website scanning technology, proactively monitoring your site for suspicious activity on a routine basis should be a basic practice for all website owners.”

Nearly half (46%) of all WordPress Sites infected with malware were up to date with the latest core updates.

Defending against vulnerabilities on WordPress or other popular content management systems (CMS) requires more than just keeping your core software updated. In Q4 2017, 46 percent of all WordPress sites infected with malware were running the latest version of the core application. While core updates do repair critical security issues with the core files, they don’t address specific vulnerabilities found in individual plugins, themes, or other optional add-ons. “A single unpatched vulnerability could leave every page on your site open to attack,” says Ortega. “However, most small business owners typically don’t have the time or resources needed to stay on top of all security updates. Because open source platforms remain a huge target for attackers, it’s critical that both plugin and core updates are consistently enforced in order to patch vulnerabilities and prevent malware. Leveraging proactive security solutions that can automatically keep software up to date is a good option.” 

No matter the size of your business, a compromise can happen to anyone at any time. Now is the time to learn about cyberthreats, and how you can defend your business against them.

“It’s worth repeating that no website is too small to hack,” said Feather. “Even the smallest website can be targeted for its traffic, data, or computing resources. In order to stay ahead of today’s ever-evolving threats, website owners must be proactive about understanding the ins and outs of their website to ensure they have the proper protection in place.” 

For more information about trends in cybercrime and proactive website security tactics, download The SiteLock Website Security Insider Q4 2017.