If you decide to outsource the hosting of your website or other services to a third party, you need to remind yourself that no provider can guarantee you 100% security. Some providers will offer an SLA whereby they pay penalty fees in the event that your site is compromised; however, this is simply a “money back guarantee” and does not take into account the impact a breach could have on your business, such as loss of business or damage to your reputation.

You therefore need to make arrangements with your provider to ensure they can provide you with the services and assistance needed for a timely recovery from a hack. However, you need to decide how you want to deal with the various types of attacks you could face. Depending on the type of website you are running, you may be targeted with some of the following attacks:

  1. Website defacement – where your webpages are altered without your knowledge – similar to on-line graffiti.
  2. Denial of Service attack – whereby your site is prevented from serving legitimate users because extra traffic/requests are sent to your site to make it unusable. This attack is often followed by extortion demands to prevent it happening again.
  3. Hosting of unwanted files – your site could be used to host files belonging to the attacker so that they can share them with their contacts. This can waste valuable processing and storage resources on your server.
  4. Hosting of malicious software – your site could be altered to host files that contain viruses or software that exploits unpatched client PCs that browse your site.
  5. Jumping-off point – your site could be used by an attacker to attack another site. By using your site the attacker is covering their trail.
  6. Botnet – your server could be compromised and made part of a botnet to pump out spam and other unsavoury content.

You need to review what type of website you host and, as a result, what risks and attacks you face, and design your countermeasures accordingly. For example, if your site is hosted on a shared server it may be prudent to move it to a dedicated server. This will increase your hosting costs but reduce the risk of your site being compromised as a result of another site on the shared server being compromised.

You should also put in place your incident response plan. Talk to your hosting provider and any other relevant providers to ensure you have the right contacts in place for a rapid and effective response to an attack. Also consider what technical, legal and PR advice you may require. You may need technical advice to properly capture the information relating to the attack so that it is forensically sound in the event the attack results in a criminal or civil case. You may need legal advice to determine what your legal obligations may be as a result of a particular attack, and PR advice to determine what is communicated to customers, shareholders and staff during or as a result of an attack.

You should also consider reviewing and/or regularly testing the security of your site to ensure no vulnerabilities exist that may be exploited by attackers.

A number of resources are available on BH Consulting’s site that may be of use: a whitepaper entitled “Incident Handling and Management” and a copy of the presentation I gave at last year’s National IT and e-Security Summit entitled “Improving Security – Incident Response”.

About the Author: bhimport
