Daniel Beazer

How Do I Protect My Brand From Malicious Cyber Attacks?

3rd Oct 2012 Brand 4 minutes to read

Privacy ConceptDaniel Beazer, director of strategy at FireHost, discusses the four most vicious hacks that can damage a website, and how to protect yourself against them.

Most of the posts on Reputation Management are about how to use the power of the web to build brand equity. What happens when your (or your client’s) hard won reputation becomes a target and the site, or even worse, the site’s end-users, become the victim of malicious cyber attack?

We’ve all seen how reputations built up over years can be ruined in minutes by hackers or some other technical disaster. A lot of agencies protect themselves by having clauses in their T&Cs that exclude liability for security breaches. It’s a reasonable enough stance; after all, it’s almost impossible to protect a customer against all potential attacks. But the conversation with the client who has just had his customers’ credit card details broadcast over the net won’t be a pretty one. It’s best never to put yourself in that position and be able to show that you have incorporated a genuine security element into the build. Those ‘best practices’ in the T&Cs really need to be best practices.

But how can an agency go about protecting customers against the thousands and thousands of potential attack forms proliferating on the web? Is there a shopping list of major attack types for which the digital community needs to look out? Sort of.

As a secure cloud IaaS provider at FireHost we believe developers should have a broad overview of attack vector trends, and in response the hoster provides some really useful tools that help you safeguard against them.

Our company’s Superfecta Report graphs the frequency and trend of the four most vicious hacks, giving our developers a clear picture of the patterns at play. Named after a type of wager where the gambler picks the first four finishers in a race, in the correct sequence, here’s a closer look at the current trends for attacks mitigated on behalf of FireHost’s clients:

Directory traversal
It’s not the most well known attack but it’s become the most common, taking the top spot in the rankings with a 43% share in Q2. It’s not the easiest breach to explain. Crudely it’s an http attack that allows hackers to access restricted directories (hence traversal).

Cross site scripting
The second most common attack with 27%. The attacks are an injection problem in which scripts are injected into a website, which then becomes compromised and sends malicious script to end-users’ browsers.

Cross site forgery request
Takes third place with 12%. In a cross site forgery request, a victim is tricked into loading a page that contains a malicious request, such as changing the victim’s password.

SQL injection
In last place with a 9% share but, worryingly, attacks have risen dramatically Quarter on Quarter bumping up 69%. By injecting SQL code (the widely used database language) into a web form entry field, the attack attempts to pass a rogue SQL command to the database. This is the most widely known attack though, thanks mostly to high profile breaches at Sony, Yahoo, and LinkedIn

What Can I Do?
Security or ‘being secure’ is not a state; it’s more like a constant battle or an evolutionary arms race, where the opponent, the methods of engagement and the weapons of attack constantly change. That’s why the survey comes out quarterly.

Simply keeping up with the trends in the most common types of cyber attack won’t solve all security problems, but by covering off the four most common, you can at least avoid the embarrassment of ignorance in front of a client and become a better shopper for technology service partners.

For web design agencies, the cloud is becoming an increasingly popular option for hosting projects. With the pay-as-you-go service delivery model, it’s easy to see the attraction for an industry where the three-month project is a staple.

But what questions should an agency be asking when it’s looking for a hosting partner to take its hard-won project to the cloud? As we’ve said, taking a close look at their approach to security is vital. Can the hoster protect your clients adequately against the most common type of threat as outlined above? Then, do they really have a month-to-month contract model or do their contracts actually run year to year? Beware, many providers like sticking to the old contractual model and just incorporate a few elements of pay as you go into the billing.

Finally it’s a good idea to ask cloud providers if they have a partner scheme. Some will pay as much as 10% of any revenue you bring to them. It can be done two ways, with either the agency billing the customer for the hosting and fronting the contract themselves, or with the end-client signing the paperwork and the agency picking up a fee for the introducing a new customer.

With cloud computing being the thing of the moment in the IT world, web designers are spoilt for choice. Ask the questions in this guide though, and, very few will be left. For many designers, developers, and agencies, the best solution is to host in a properly secure, virtualised hosting environment, which provides protection against the most common attack types plus more.

The views expressed in this post are those of the author so may not represent those of the Koozai team.

Image Source

Security concept with a lock via BigStock

Share this post

1 Comment

What do you think?

London cityscape
Stacey Cavagnetto

The Best Digital Marketing Agencies in London

Stacey Cavagnetto
18th Jan 2023
Marketing Strategy
Gary Hainsworth

How To Write Ranking Content In 2023

Gary Hainsworth
16th Jan 2023
SEO Blog

Digital Ideas Monthly

Sign up now and get our free monthly email. It’s filled with our favourite pieces of the news from the industry, SEO, PPC, Social Media and more. And, don’t forget - it’s free, so why haven’t you signed up already?

Download Your Free Whitepaper

Brand Protection Guide


Call us on 0330 353 0300, email info@koozai.com or fill out our Contact Form.

Map of Hampshire Digital Marketing Agency
Hampshire Digital Marketing Agency
Merlin House 4 Meteor Way Lee-on-the-Solent, PO13 9FU, UK
Map of Lancashire Digital Marketing Agency
Lancashire Digital Marketing Agency
Cotton Court Business Centre Church Street, Preston Lancashire, PR1 3BY, UK
Map of London Digital Marketing Agency
London Digital Marketing Agency
Albert House 256 - 260 Old Street London, EC1V 9DD, UK

Unlike 08 numbers, 03 numbers cost the same to call as geographic landline numbers (starting 01 and 02), even from a mobile phone. They are also normally included in your inclusive call minutes. Please note we may record some calls.

Circle Cross