http://www.digitaljournal.com/technology/review-website-security-threats-becoming-a-growing-concern/article/383258

Website security threats becoming a growing concern

Posted May 8, 2014 by Anthony Carranza
As we become more reliant on the internet technology, and developing web applications the risks of attacks are becoming increasingly a problem for organizations.
Untitled
hackronomicon.com
In the awakening of the Heartbleed security flaw, the news about cyber espionage conducted by the National Surveillance Agency (NSA) and increasing application threats has caused concern about website security. The 2014 Verizon Data Breach Investigations report explained the growing problem with web application attacks and how organizations are unable to solve data breaches in a reasonable time frame.
The data analyzed was a compilation from 50 organizations from around the globe with 1,367 confirmed data breaches and 63,437 security incidents. The organizations to be the target of these sophisticated website attacks are for those in the financial and retail industry, which expose website application security flaws for those targeted.
“Still, Web app attacks were far and away the most common threat type, with 35% of all confirmed breaches linked to web application security issues. That number also represents a significant increase over the three-year average of 21% of data breaches falling under the Web app attack pattern,” according to the report.
The motivations behind orchestrating the attacks are motivated by ideology or from lulz-doing it for the sake of amusement or laughter. The incremental rise of these security incidents are tied to intercepting vital information from important institutions and gaining their financial advantage.
Heartbleed for instance in early April revealed that 500,000 websites or more had a major security flaw. The vulnerability affected frequently visited websites like Facebook, Google, YouTube, Yahoo and Wikipedia. The identification of it resulted in heavy coverage by news organizations, blogs, social networks, TV and more. The way to ensure you information was not compromised was to change your password.
The Pew Research Internet Project published the impact Heartbleed had and resulted in the following findings from the survey:
“39% of internet users say that after they learned of the online security problems they took steps to protect their online accounts by doing such things as changing passwords or canceling accounts.”
“29% of internet users believe their personal information was put at risk because of the Heartbleed bug.”
“6% of internet users say they believe their personal information was stolen”
To kind of mitigate these worrying security breaches the advice is for enterprises to consider implementing some form of a two-factor authentication as a way to counteract several attacks of this nature.
What types of attacks were used? Hackers or attackers use phishing — the act of attempting to acquire sensitive user data like usernames, passwords, credit card details etc. But the most common web application vulnerability sought after is SQL injection and other application level attacks. So, it might be a good idea to use a software that not only enhances web application security, but provides an optimal level of protection.
To fend off these attacks organizations are going to have to become more familiar with these security incidents and pay close attention how they happen. Adopting or purchasing Software as a service (Sass) — for example Fireblade — is a good investment that protects the business operations. It gives the people responsible for the company the necessary peace of mind and be allowed to focus on core business goals.
Web Application Firewalls (WAF) offer your website application app a good level of security against complex and dangerous attacks, which may put your operations offline that can result in costly damages.
In summary, the development of websites along web applications has resulted on the one hand a cost-effective tool. On the other end of the spectrum you have a service that is vulnerable to website application attack, which means organizations will have to focus efforts on making their entire infrastructure more secure to these events and data breaches.