The volume and level of sophistication of web security threats are increasing every year. Over a three-month period (Q4 2017 to Q1 2018), McAfee Global Threat Intelligence reported a rise in malicious files from 45 million per day to 79 million per day. Web traffic is the most common way that cybercriminals attack—either to disable an organization’s website or to use its employees’ web browsing to pass along malware and steal passwords.

The fallout from a web attack can range from downtime and loss of business to loss of credibility and consumer trust. Credibility loss is especially damaging to companies in industries that rely on consumer trust to prosper. These include retail, financial services, security, and healthcare industries, which must all protect data as part of their business. If the attack spreads malware to partners and customers, or results in credit card fraud or other financial losses, then the targeted company might also incur legal costs and fines.

The cost of downtime alone can be significant. According to Gartner, the average cost is $5,600 per minute ($300,000 per hour). In 2016, Information Technology Intelligence Consulting reported that one-third of surveyed organizations estimated downtime costs of $1 million to $5 million per hour.

Web security threats

Web applications were the most reported type of data breach, according to the Verizon 2018 Data Breach Investigations Report. These are the most common types of website attacks:

In a distributed denial-of-service (DDoS) attack, the cybercriminal commandeers multiple computers, such as infected PCs or smart appliances, and uses them to flood targeted websites with a high volume of traffic. The aim is to disable the targeted system and render it inaccessible. In some cases, the attacks act as a distraction to cover other hacking activities.

Malware is malicious code, including viruses, Trojans, spyware, and ransomware. Attackers often plant malware on a website so that site visitors will unwittingly download the malicious code—a tactic known as a “drive-by” attack. Attackers use malware to harvest personal and financial data, or to harness the collective CPU power of multiple computers to carry out other attacks or mine cryptocurrencies.

Ransomware is a form of malware that encrypts an infected computer’s files and demands payment from the victim in return for the decryption key. Payment is usually in bitcoin or other cryptocurrency because of its traceability.

SQL injection is a cyberattack that targets SQL databases that operate behind websites. The Open Web Application Security Project (OWASP) considers SQL injection the number one problem in website security. By inputting a string of SQL commands into a website form or URL, an attacker can force a SQL database to reveal personal or confidential information, including credentials such as usernames and passwords, credit card data, and more.
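
The difference between a query that is open to this and one that is not, shown as an added example that is not part of the original article. The table, account rows, function names and the crafted input are all constructed for illustration, and SQLite stands in for whatever database sits behind the site.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "4242"), ("bob", "1881"), ("carol", "0005")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # VULNERABLE: the form input is spliced into the SQL text, so the
    # database parses whatever the visitor typed as part of the statement.
    query = ("SELECT username, card_last4 FROM users "
             "WHERE username = '" + username + "'")
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # HARDENED: the statement text is fixed. The input travels separately as
    # a bound value and is only ever compared against the column.
    query = "SELECT username, card_last4 FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed form input
    print("vulnerable:   ", lookup_vulnerable(conn, crafted))
    print("parameterized:", lookup_parameterized(conn, crafted))
```

With the crafted input, the concatenated query returns every row in the table, while the parameterized query returns nothing because no account has that literal username.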

Cross-site scripting is an approach hackers use to inject malicious scripts into web pages that others view. This technique can enable a hacker to steal information such as passwords and credit cards, redirect visitors to another site, execute malicious scripts on users’ browsers, or hijack sessions.

Web protection strategies

An effective combination of web management practices and internet security technologies can help protect an organization from many types of web security attacks. These are primary web protection strategies:

Encrypt sensitive data in transit and at rest
Classify data based on its sensitivity and regulatory requirements and encrypt all sensitive data at rest and in transit. Enforce encryption using directives such as HTTP Strict Transport Security (HSTS).
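
A check for whether a response actually enforces HSTS, as an added example that is not part of the original article. The function names, the one-year minimum for max-age and the sample header values are assumptions chosen for illustration.

```python
MIN_MAX_AGE = 31536000  # one year in seconds; an assumed policy threshold


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a policy dict."""
    policy = {"max-age": None, "includesubdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if not name:
            continue
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')  # the value may be a quoted string
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError("max-age must be a non-negative integer")
            policy["max-age"] = int(arg)
        elif name in policy:              # unknown directives are ignored
            policy[name] = True
    if policy["max-age"] is None:
        raise ValueError("max-age is required")
    return policy


def audit_hsts(scheme, headers):
    """Return findings for one response; an empty list means it passes."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header"]
    if scheme != "https":
        return ["header sent over plain HTTP, where browsers ignore it"]
    try:
        policy = parse_hsts(value)
    except ValueError as err:
        return ["unparseable header: " + str(err)]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif policy["max-age"] < MIN_MAX_AGE:
        findings.append("max-age is shorter than one year")
    if not policy["includesubdomains"]:
        findings.append("includeSubDomains missing; subdomains may still use HTTP")
    return findings
```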

Properly implement access controls
Web administrators sometimes incorrectly implement authentication and session management functions, allowing attackers to compromise passwords, keys, or session tokens. Likewise, flaws in access control settings may enable hackers to access accounts, view sensitive files, modify data, and change access rights. A variety of best practices and access control technologies can enhance web security, including regular auditing and updating of user access rights and credentials, role-based access policies to restrict user privileges to the applications and data needed for their jobs, and vulnerability scanning and analysis software.

Employ patch management and updating
Components, such as libraries, frameworks, and other software modules, are particularly vulnerable, as they run with the same privileges as their underlying application. If a component is outdated or originates from an unsecure source, the attacker can exploit vulnerabilities to assume control of a server or steal data. Regular patch management and updating both help ensure that web applications and components are secure. A subscription or virtual patching service can help ensure rapid, effective patching of vulnerabilities.

Implement multi-factor authentication
Hackers can steal or guess passwords. Two-factor authentication requires the user to provide additional information besides a password, such as a code sent to their smartphone or a PIN they remember.

Implement state-of-the-art web firewalls and gateways
A web application firewall protects the website from incoming attacks, while a web gateway protects the network and internal systems from malicious web traffic, which can then infect a website. These web security technologies may employ similar methods of detecting and blocking threats, and they may be integrated into a single product. Primary effective methods of defense include:

  • Filtering based on signatures, reputation, and category. Major gateway providers such as McAfee employ real-time filtering and classification engines. These techniques analyze and identify incoming attacks, suspicious behavior patterns, and potential malware, and then apply rules to block, quarantine, or conduct further testing.

  • Behavioral analysis. This approach simulates the behavior of suspect files and components such as JavaScript or Flash files, or activates them in a sandbox (a separate, restricted environment) to identify their behavior and actions. This technique can evaluate components in milliseconds, which is fast enough that the user is unaware of the intervention. Behavioral analysis is especially useful against zero-day attacks, where the malware signature is not yet known.

Use managed security services
Many organizations rely on managed security service providers for web protection. Security companies like McAfee apply the expertise and signature databases of cybersecurity threats needed to provide secure web protection. Security solution providers use their clients’ collective traffic to continually enhance their ability to accurately identify exploits and cyberattacks before they can disrupt their customers’ systems.