Cyber security

3 Ways to Safeguard Your Company From a Ransomware Attack

ransomware attackRansomware attacks have been around for decades, and they continue to wreak havoc on systems around the world.

However, gone are the days when biologists spread the ransomware attack PC Cyborg through floppy disks to innocent victims. Attacks have gotten bigger and more dangerous; we are now all too familiar with attacks like Osiris, CryptoLocker, and WannaCry, which collectively infected hundreds of thousands of computers in over 100 countries, costing millions of dollars in damage.

Ransomware attacks continue to be an issue due to the continual development of new techniques for infecting systems. We have seen a major increase in occurrences over the last few years, resulting in the constant development of techniques used to safeguard systems against these intrusive attacks.

 

Read the rest of this entry »

Implement API Security Measures to Protect Your System

API securityIf you are familiar with platform security policies, chances are you’ve heard of the Open Web Application Security Project (OWASP). This non-profit organization focuses on improving software security and makes it a primary mission to ensure software security is visible, which makes it easier for organizations and individuals to make informed decisions with their software by distributing information about AppSec to users across the globe.

The increasing use of mobile devices, coupled with more application services and integrations, micro-services, and clouds, are drastically changing the landscape of security. OWASP issues a top 10 standard set of rules that are applied to security policies across various platforms, and the most recent list, published in 2017, presents notable changes that reflect these increases. The most evident change is the inclusion of OWASP A10 — under-protected application programming interfaces, or APIs for short.

Why Is API Security Important?

APIs contain programming standards, instructions, and protocols that allow two applications to communicate with one another. Essentially, APIs serve as a bridge that ensures proper and consistent communication between two systems.

Read the rest of this entry »

Don’t Let Cyberattacks Bring Down Your Holiday Cheer

cyberattacksThe holiday shopping season can make or break an online retailer. By doing things well, you can expect sales to surge and your customer base to grow throughout 2018. Do things poorly and you sacrifice many sales while cultivating a negative image for your brand. And if there’s one thing that can seriously damage your brand’s reputation, it’s cyberattacks and a cybersecurity breach.

With several high-profile cyberattacks in the news recently, shoppers are more cautious than ever about giving websites any confidential information. A survey of over 2,000 adults revealed that 44 percent are worried their credit card information will be stolen from a website, making it the single biggest source of anxiety surrounding holiday shopping.

The risk of cyberattacks is just as strong as the worry — an analysis of the 2016 holiday shopping season saw the number of attacks increase by 20.6 percent in November and December. To keep your customers safe (and your brand image intact), there are a few strategies to consider:

Read the rest of this entry »

3 Ways to Prevent Bot Attacks on Your Web Applications

botsIt’s becoming more common to hear about IoT security — or the lack thereof — in the news, and computers and IoT devices are frequently targeted by hackers for “bot” employment to perform distributed denial of service (DDoS) attacks, application exploits and credential stuffing. Non human traffic or bot traffic represents currently more than 60% of the total traffic going to web sites.

Those bots come in a variety of forms, making it extremely important to distinguish between the infected hosts that often make up botnets to perform various malicious activities, to the legitimate bots that are extremely important in driving customer traffic to your site (Googlebot, for example).

Different Types of Bot Attacks on Web Services

Websites that contain pricing information and proprietary information are especially vulnerable to bot traffic.

An example of a content scraping process can be seen when airline companies use bot farming to scrape price information from competitive airline company sites. They use this information to dynamically price similar products — once they find out what a competitor is charging, they can price their services lower to gain a market advantage.

A more malicious use includes deploying a botnet that seeks out vulnerabilities in website technology and stores this as a vulnerable site, ripe for exploitation. Read the rest of this entry »

Protecting Your Business From Increasingly Sophisticated Cyberattacks

cyberattacksWhether you’re leading a Fortune 500 company or your own small business, cybersecurity must be a fundamental business objective. Several high-profile cyberattacks in the first half of 2017 have affected organizations of all sizes all over the world, and these attacks are only going to become more common and more sophisticated.

As a business leader, it’s important to understand that the threat is constant. Even if you’ve never experienced an attack, your servers are perpetually being scanned by hackers for vulnerabilities — and the damage can be fatal to your business. A cyberattack can result in the loss of critical information, putting the reputation of your brand at stake.

If you suffer a cyberattack and are able to react quickly, it’s certainly possible to mitigate the damage to your business and your customers, though containing an attack can get tremendously expensive. If you have a plan in place, however, you can save yourself a lot of time and money — and protect the future of your business.

Read the rest of this entry »

Prepare Your Business for a DDoS Attack – 5 Recommendations

DDoS AttackDistributed denial of service (DDoS) attacks have become a part of having a presence on the web. While the question used to be if you will be attacked, today it is only a matter of when. Because of this, it is more important than ever to have a defense strategy in place. But, for all the media coverage and attention any DDoS attack may receive, their purpose and how to best defend against them are not always well understood.

According to the 2016 Verizon data breach incident report (DBIR), DDoS and web app attacks have increased substantially over the last year. Successful data breaches of web app attacks where data was stolen increased from 7% to 40% with targeted data including:

  • Credit card data
  • Personal information
  • Financial credentials
  • Passwords

If you want to ensure that your business is ready for a DDoS attack there are a number of best practices you should keep in mind. What follow are 5 recommendations from our 10 years of experience managing over 80,000 servers. If you want an even more in depth overview, as well 5 more recommendations, you can download the full white paper here.

Read the rest of this entry »

Cyber Security: 5 basic lessons for everyone

Fred Streefland, IT-Security Manager at LeaseWeb and Dave Maasland, CEO Eset Netherlands.Cyber Security

A version of this article originally appeared on Computable.

Recently we’ve had the opportunity (a quite fun and interesting opportunity), to visit a number of Information Security and Cyber Security congresses. During these congresses we were flooded with relatively ‘new’ developments such as Next-Generation, IoT (Internet of Things), IoT DDoS, Security Intelligence Platform, et cetera. The fact that some these terms have become ‘hype’ is not in itself a problem, but we did begin to wonder whether the security world may be looking at things in the wrong way and thereby missing the demands that need to be addressed.

In this article we will suggest a new way of looking at cybersecurity that stops viewing it as a goal in itself and instead as something that is directly connected to business needs. As it stands now, it seems that too many security-organizations are missing the mark.

Security can be quite complex, but its essence is quite simple. Security is nothing more than reducing or taking away risks, and making them visible so that the business can accept them and continue doing its work – nothing more, nothing less. To do this as effectively and efficiently as possible, we, as security-people, have to understand the business and not see it solely from an IT-Perspective but form the broader perspective of the business itself.

When starting from the business, we first have to identify, map, and categorize the risks for the specific business. Second, we have to determine, together with the business itself, which risks need to be dealt with in which order. When that’s done, the person responsible for security within the company has to set-up a security-plan that depicts how these changes are executed. When doing so, there should always be clear goals and deadlines. Ideally, this should be done in a ‘smart’ way, one step at a time, so as to not engage in too many projects at once.

Lesson 1: Start with the business (and its risks)

Read the rest of this entry »

LeaseWeb on Twitter

Why Open Source Platforms Are an Effective Tool for Your Business lsw.to/li1 #leasewebblog #opensource

test Twitter Media - Why Open Source Platforms Are an Effective Tool for Your Business https://t.co/Gup4QyVJut #leasewebblog #opensource https://t.co/kUjG7lbCpV

. @Leaseweb and @HPE are bringing you a #Cloud #Hosting and #Cybersecurity Meetup in Amsterdam! Join us after the @MSH_Summit for an exciting evening! lsw.to/lip

test Twitter Media - . @Leaseweb and @HPE are bringing you a #Cloud #Hosting and #Cybersecurity Meetup in Amsterdam! Join us after the @MSH_Summit for an exciting evening! https://t.co/AdJ6ZlvL05 https://t.co/y1nzCvkRcD

We are live! Watch the livestream for Twino FinTech Talks hosted by Leaseweb facebook.com/TWINOeu/videos… #fintech @Leaseweb @TWINO_eu

test Twitter Media - We are live! Watch the livestream for Twino FinTech Talks hosted by Leaseweb https://t.co/twy0zqHJl0 #fintech @Leaseweb @TWINO_eu https://t.co/4tCGQVufC8

.@Leaseweb supports @MSH_Summit as a Silver Sponsor [Dutch] lsw.to/liX - We are excited to see you all there!

test Twitter Media - .@Leaseweb supports @MSH_Summit as a Silver Sponsor [Dutch] https://t.co/pdTPKeHs5i - We are excited to see you all there! https://t.co/lBUx6KmMic