,
Reputation damage can destroy a company. Why is it companies do not avoid this happening on their own websites? We look at the causes and effects.

CYBER SECURITY: REPUTATION DAMAGE, CAN YOU AFFORD IT?

Cyber security has once again become a hot item as Talk Talk get hit for the third time within a year by cyber criminals looking to exploit weaknesses in company websites.  

The attraction is obvious, if you can gain access to personal details, entrusted to companies who are supplying you services and managing these services online, then you have the potential opportunity for committing fraud on a massive scale.  

In this article, we look a bit further than the potential for fraud and what this type of attack on your business could mean for you.

How do these attacks occur

Security on the internet is evolving fast and new defences are being implemented by software vendors to help companies protect their online presence, but cyber criminals are also evolving their techniques and methods as well and are always looking to defeat.

Talk Talk Website after Cyber Attack

Cyber attacks can be considered in different groups which we have covered in more depth in our article on Cyber Threats.

What effects can these attacks have on your website

Attacks on your website and web applications can vary considerably depending on the intent of the attacker. There are several types of cyber attacks and we have categorized some of them here: 

•    Website defacement

Such an attack is where the content and visual presentation of the website is modified.  Defacement can range from a subtle change of a few words, to modification of web-links all the way through to complete replacement of the website.  In some cases we are aware of websites being eradicated, leaving the website owner with no web presence at all and even worse, not knowing how to get the website back.

•    Data theft

Data theft is a common form of cyber attack that concentrates on accessing information that could be accessed through weaknesses that have been identified in the website.  The data is then harvested and can then be used in many different ways from just reselling it on to using the data to commit targeted data fraud, of which there are regular news items covering such instances. 

•    Modification of data, and particularly modification of users' personal data

Also known as Alteration attacks are exactly what they state they are.

The attacker uses the security access they have gained to make an unauthorized change to data or possibly programming code.  Attacks of this type undermine the integrity of the website and create an environment where the website performs other activities that are not authorised or sanctioned by the website owner.

These types of attacks can be undetectable as the website may appear to be working normally but unbeknown to the webmaster ( the manager responsible for the website ), malicious activities are occurring.

How does a cyber attack affect my company?

As explained each of the different categories of cyber attack have different outcomes that are dependent on the objectives of the attacker.  However the results are often similar for the organisation whose website has been compromised.

If the effects of the attack can be contained and no data or website integrity is lost then it is possible that the company, apart from having some internal costs to pay for data and website recovery, may come out of the problem unscathed.

However, as has happened in the high-profile cases in the media the company can come under an intense media spotlight that highlights the company in an extremely poor way.  

What happens at this point can be critical to the long-term survival of the company as their public response and approach will determine how their customers will view them moving forward.  Handled well and their customers will remain loyal, handled badly and the reputation of the company may remain intact.

Reputational Damage to a company's brand is absolutely the last thing a company wants as often it is the brand that reflects the company and what it has to offer, so if the brand becomes tainted then the company image also becomes tainted. In some cases, companies fall at this point, but recovering a brand is not impossible, but it does tend to be expensive and takes a lot of time to regain customer trust and loyalty again.

What can be done to protect against cyber attack?

Once a company has been attacked, even if it has improved its cyber defences, it will remain a target, so the adage of lightening doesn't strike twice does not apply in this case. As we previously noted, Talk Talk has had three high-profile attacks in recent memory.

However, although the threats and weakness are always changing there are a considerable amount of actions you can take to reduce the threat of a cyber attack against your company. 

Also do not fall into the trap of ‘our website is too small' to be of interest to a cyber hacker, the internet is full of articles covering attacks on small companies and in a study covered by Forbes magazine it was found that over 70% of the cyber attacks they analysed were on companies with fewer than 100 employees.

To combat this major threat to your business, we recommend that you establish an audit of your website to determine the level of threat and response capability.  We also recommend a thorough review of the tools and methods you have in place to detect threats and attacks as in almost every case a major attack is preceded by the hacker testing out your website for vulnerabilities.

And finally…

Don't let it go; you will only know about a cyber attack once it has happened.