There are more than 3,500 new pieces of malware that infect more than 30,000 websites every day. Enterprises spend thousands of dollars per year on cybersecurity and web monitoring solutions to help make sure that their web sites are up and fast, but often have no monitoring in place for Web malware. The reality is that serving Web malware is far worse for your brand reputation than your site being down because it actually causes harm to your most beloved asset - your customer base.
Simply put, Web malware is a compromised webpage on a site that serves malware when a victim browses the site. A visitor can become infected by clicking on a link on the site (you may have seen those ads that put up a big flashing image saying your computer is infected and to download a program to fix it. When the program is downloaded and executed on the computer, it actually installs real malware on the PC). Visitors can also become infected through vulnerabilities in browsers that allow programs to be downloaded and executed without the visitor knowing. This is bad because malware allows cyber criminals to access these infected PCs to, among other things, steal data and passwords, execute distributed denial of service (DDoS) attacks and take over sites and/or Web systems.
So, how do the bad guys compromise your system to begin with to get your site to serve web malware? Nefarious actors will scan millions of websites programmatically, looking for known vulnerabilities to break in and overwrite legitimate content with their own "bad code" which serves the web malware when a visitor views your site (I could write many pages on the various methods of compromise, but I'll save that for another blog post).
I did, however, recently give a webinar on this topic that was recorded for on-demand access. A huge point I emphasized to the participants is how badly Web malware can affect their brand and what they can do to protect themselves and their customers. In today’s digital world, you must take all precautions to make sure you aren't the one serving Web malware. What a horrible blow to your brand!
So what can you do? First, make sure you take the normal precautions of keeping your website secure, including:
- Keeping up to date on security patches for the operating system, as well as any third party software you use
- If you developed your site yourself, make sure a trained security company has done a security audit looking for holes
- Use a firewall etc.
In addition, subscribing to a service like Verisign MalDetector, which regularly scans your website, alerts you if you are a victim of Web malware, and provides instructions on how to remove it, is critical. You can't always stop your site from being compromised, but you can make sure you at least get alerted as soon as it happens so you can clean it up. You don't want to be known as "those guys," the ones that caused their customer base to be infected by malware. That's one moniker a brand doesn't need.
What kind of cybersecurity measures are you taking to protect your website and customers?