The exponential increase in the number of security threats from traditional web browsing has been well publicised in recent years and is a risk to all of us both personally and to our businesses.
The increased focus on web based threats has been driven mainly by much improved security around modern email services – would you even consider an email service without proper anti-spam and anti-virus for your personal email? Let alone for business email? As improved email security makes it a less attractive target for cybercriminals, so their focus has switched to the web.
And the web offers a far more lucrative target to criminals – we use the web more frequently, from far more devices and locations and most worryingly, transact far more sensitive and personal data than we would do by email. Because web usage is instant and data uploaded and downloaded continuously, your personal data can be captured and illegally used instantly as well.
So let’s have a look at the type of web based threats:
The majority of web based attacks come from users unknowingly downloading malicious or infected programmes. Once run these programmes can compromise a PC, broadcasting private information or allowing criminals to use you PC as part of their activities. Favourite techniques employed by malware creators include popup windows to say your PC has a virus infection to encourage you to download their software or using ‘poisoned’ search engine results to direct you to fake websites.
Web browser vulnerabilities
Web browsers have to access many different types of files and media – a feature that makes them both a very useful piece of software but also a very insecure one. These security ‘flaws’ can make them exposed to external hackers who can use them to gain access to sensitive information that your web browser has access to – such as passwords.
Flash / Java / ActiveX / PDF readers
These add-ons are required by many websites to function properly. However as with web browsers and indeed all software they often contain security ‘flaws’ which can again be exploited.
This is when the victim is led to a compromised website which looks like and identical copy of a legitimate website. The compromised site may then request personal information such as bank details which are passed on to criminals and used illegally. Often phishing links come through by email but they can also be presented via pop up adverts, or where you are unknowingly redirected when trying to reach a site which has been compromised.
Most web based security threats will lead to some kind of business downtime. This may range from interrupting PC users whilst their device is cleaned or re-imaged to major network downtime which can result in hours or even days of lost productivity for the business. Worse still, loss of sensitive information can result in direct financial loss or theft of intellectual property which could have a long lasting and dramatic effect on your business.
In our next article we will take a look at what can be done to address web based security threats.