Three web security resolutions for the new year

After a massive migration to remote work over the past year, companies can now rely heavily on their new infrastructure, even though a shortcut or two was surely taken to accelerate digital transformation. Kris Lovejoy, EY Global Cybersecurity Leader and former IBM CISO, revealed that in response to the pandemic, “84% of the world introduced work-from-home capabilities, 60% introduced technology to enable this, and 60% of these have bypassed or abbreviated security checks as part of this implementation.” With new vaccines and a possible economic rebound on the horizon, companies will now be experimenting with growth strategies for 2021. However, it is critical that they double-check, and triple-check, that they have the right security measures in place.

About the Author: Brent Stackhouse is Senior Director of Security, GRC and IT at WP Engine.

Here are three web security tips that business leaders, marketers and developers should include in their New Year's resolutions:

Do the basics brilliantly

The most common web security question as the New Year approaches will be the same: "How likely am I to get breached?" Websites are often hacked when they run vulnerable plugins that have not been patched. Despite the all-too-common myth of WordPress Core as a point of vulnerability, it is third-party plugin vulnerabilities that account for 55.9% of known entry points for attacks. (By analogy, consider the confidence in Android's security versus the known vulnerability of apps in the Play Store.) However, that's half the equation. The other half is good WordPress account management, particularly through the use of multi-factor authentication (MFA).

The solution is simple: avoid running more plugins than necessary, and make sure the ones you use have a good history of updates after vulnerabilities are disclosed. To address the burden of updating plugins and the risk of breaking critical sites, machine learning and visual testing tools can now even automate nightly or weekly plugin updates without incurring any disruption or unintended consequences that could lead to downtime or loss of traffic. Be sure to limit admin access to "required" users, and make sure they are using MFA.
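The checks above (pending plugin updates, plugins that are installed but unused, administrators without MFA) can be run as a routine audit. The following is an added example, not code from the author or WP Engine: it parses constructed sample data shaped like the JSON output of WP-CLI's `wp plugin list` and `wp user list`, and the set of MFA-enrolled logins is an assumption, since that export depends on the MFA plugin in use.

```python
import json

# Constructed sample input, shaped like the output of:
#   wp plugin list --format=json
#   wp user list --role=administrator --format=json
PLUGINS_JSON = """[
  {"name": "shop-cart",  "status": "active",   "update": "available", "version": "4.1.0"},
  {"name": "seo-helper", "status": "active",   "update": "none",      "version": "2.3.1"},
  {"name": "old-slider", "status": "inactive", "update": "available", "version": "1.0.2"}
]"""
ADMINS_JSON = """[
  {"ID": 1, "user_login": "alice", "roles": "administrator"},
  {"ID": 7, "user_login": "bob",   "roles": "administrator"}
]"""
# Assumption: logins enrolled in MFA, exported from whichever MFA plugin is in use.
MFA_ENROLLED = {"alice"}


def audit_site(plugins_json, admins_json, mfa_enrolled):
    """Return a sorted list of (finding, subject) tuples for one site."""
    findings = []
    for plugin in json.loads(plugins_json):
        if plugin["status"] == "inactive":
            # Installed but not in use: removing it is simpler than patching it.
            findings.append(("remove-unused-plugin", plugin["name"]))
        elif plugin.get("update") == "available":
            # In use and behind the latest release: schedule the update.
            findings.append(("update-pending", plugin["name"]))
    for user in json.loads(admins_json):
        if user["user_login"] not in mfa_enrolled:
            findings.append(("admin-without-mfa", user["user_login"]))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in audit_site(PLUGINS_JSON, ADMINS_JSON, MFA_ENROLLED):
        print(f"{finding}: {subject}")
```
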

Build the right team

The security skills gap is now well documented: around 653,000 companies (48%) have a basic skills gap, according to DCMS. This means that the cybersecurity people at these companies lack the confidence to complete the types of basic tasks outlined in the government-approved Cyber Essentials program. They also do not receive support from external cybersecurity providers. Since then, the pandemic has exacerbated this gap as remote workers move to cloud environments without the cloud security expertise to assess the risks of this development.

To ensure you have the right team in place, you need to start by mapping the unique risk profile of your business. Identify your risk, security, WordPress, and eCommerce experts and consider how your industry poses particular challenges, such as healthcare websites, which have undoubtedly seen different types of traffic increases this year. For those weighing up whether to hire and train additional in-house staff or to engage a vendor, review the basics of vendor management and how it draws lines of responsibility, depending on who fits into your security puzzle. If you're working with a partner, they will need to have made these skills and technology investments on your behalf.

Prepare for the peaks

For retailers and e-commerce platforms, major seasonal shopping periods like Christmas, Boxing Day and the January sales present a tricky challenge. Website administrators will be scrambling to respond to a high volume of revenue-generating activity on their site while tackling an increase in cyber-attacks, such as distributed denial-of-service (DDoS) attacks, which have already doubled every quarter this year. During this lucrative time for cybercriminals, the UK's National Cyber Security Centre has already updated its advice for online shoppers.

Load tests, which are performance tests that simulate actual loads on software, apps, or websites, can help answer the question, "How many people can visit my site at one time?" Proper load testing can help site administrators assess things like scaling capabilities, lifecycle bindings, vulnerability to DDoS attacks due to high load, automatic code deployment, health checks and goal tracking. Without proper planning and action, retailers are at greater risk of successful DDoS attacks leading to significant loss of revenue.

As we enter the new year, it is essential that the desire to enjoy the shopping season does not come at the cost of security. It can be incredibly frustrating when Black Friday rolls around and your website crashes due to increased traffic. The main concern is the vulnerability this exposes on a company's website: a website that is down due to a sudden increase in traffic becomes an easy target. So, before attracting an influx of new customers to a web page, organizations need to load test accordingly.

Today's business leaders understand the importance of security to the health of customers and the brand, but often don't know where to start. If organizations want to get serious about their security and not run before they can walk, they need to focus on the simple things.

Businesses should have some basic web security measures in place so that, while WordPress Core is secure, they pay proper attention to the plugins they use and securely manage their WordPress users. They also need to find the right balance between people, process, and technology to ensure they have the right people and skills. Lastly, they need to plan ahead for peak consumer times and seasonal periods, looking not only for peak visitor traffic, but also for different types of cyberattacks.