Digital Security: A Constant Concern
Digital security is a topic that frequently makes headlines. Whether due to cyberattacks, information leaks, or various types of fraud, the consequences of these incidents often go unnoticed when they aren’t reported, despite the significant impact on ordinary people like you and me, as well as on celebrities and companies, which can suffer millions of euros in losses.
It’s a fact that thousands of cyberattack attempts, ranging from simple to sophisticated, occur every second. I’m not exaggerating—just last month, this website alone faced 168 different types of attack attempts. Other clients experienced over 1,600 attempts in just six minutes. When we add up the attacks across all the infrastructures we manage, this number exceeds 250,000 attempts per month. Thanks to a monumental effort, we were able to mitigate all of these attacks.
However, the security of your personal email, the administrative area of a website or web system, and other applications within your company largely depends on strong usernames and passwords. If we consider the potential damage to your business from the leakage of confidential information, we would certainly take much greater care in defining these credentials.
The Tools
We know that usernames like “admin,” “administrator,” “user,” and others are already well-known to hackers, and the same goes for common passwords. But the risks aren’t limited to our company’s applications or personal email—they extend to the various services we’re connected to, such as web applications for video creation, discount programs, and streaming service subscriptions. How many opportunities do we offer hackers to access valuable information, which in some cases could involve the confidentiality of our business and our clients?
In January of this year, the website Cybernews revealed the largest data breach in history: 26 billion personal records, totaling about 12 terabytes of data. Among the leaked information were users from LinkedIn, Twitter, Weibo, and others.
The threats don’t stop there. Remember the issue with common usernames and well-known passwords mentioned earlier in this article? Well, there’s a list on the internet called “rockyou” that contains over 14 million of these known passwords. Fourteen million! Is yours on that list?
Hackers regularly use lists like this one to systematically attempt to access websites, web systems, and emails. The most common method is the well-known “brute force” attack, where a program repeatedly tries to log in to a system using usernames and passwords taken from this known list. And if your web system has a vulnerability that exposes the username, 50% of the hacker’s work is already done.
A Case of Brute Force
Look at the image below:
This image clearly depicts an attempt to access a web system using brute force. We see that the hacker would likely succeed, as they found the password for a specific user after just 225 attempts. Now, I ask you: what kind of damage could such a vulnerability cause to your business?
How to Protect Yourself
I can’t claim it’s impossible to prevent a cyberattack or data breach. I wouldn’t be so bold. However, we can make such attempts more difficult. The first step is to use strong passwords. On our website, we offer an application that can generate secure passwords.
These more sophisticated passwords should be used for all your accounts, especially for rarely used emails and those used for account recovery.
Your website hosting service and web systems should have a DDoS attack prevention policy in place. A DDoS attack is one in which an attacker overwhelms a website, server, or network resource with malicious traffic.
An anti-brute-force policy should be considered when building your website and web system. Separating professional, personal, and subscription-related emails, affiliate programs, and other accounts is also a good idea.
For each of these accounts, use a secure password with 12, 15, or 18 characters that combine numbers, uppercase and lowercase letters, and special characters. Let’s make life as difficult as possible for hackers.
If you’re curious to know whether your email has been compromised in one of these attacks, check out services like Have I Been Pwned, and use Check your password to assess the strength of your passwords.
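One way to implement the anti-brute-force policy mentioned above, shown as an added example that is not code from this site: a sliding-window limiter that locks an account and a source IP after repeated failed logins, replayed against a constructed run of 225 guesses like the case described earlier. The class and function names, the thresholds (5 failures in 5 minutes, 15-minute lockout), the username, and the IP address are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed by account and by source IP."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds a key stays blocked once tripped
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def _keys(self, username, ip):
        # Track both: one IP guessing many accounts, and many IPs guessing one account.
        return (("user", username.lower()), ("ip", ip))

    def is_blocked(self, username, ip, now):
        return any(self._locked_until.get(k, 0) > now for k in self._keys(username, ip))

    def record_failure(self, username, ip, now):
        for key in self._keys(username, ip):
            q = self._failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:
                q.popleft()  # forget failures older than the window
            if len(q) >= self.max_failures:
                self._locked_until[key] = now + self.lockout
                q.clear()

    def record_success(self, username, ip):
        # Reset only the account counter; the source IP keeps its failure history.
        self._failures.pop(("user", username.lower()), None)


def simulate(throttle, guesses, real_password, username="alice", ip="203.0.113.7"):
    """Replay one guess per second; return (guesses that reached the check, cracked)."""
    checked = 0
    for t, guess in enumerate(guesses):
        if throttle.is_blocked(username, ip, now=t):
            continue  # rejected before any password comparison happens
        checked += 1
        if guess == real_password:  # stand-in for verifying a stored password hash
            throttle.record_success(username, ip)
            return checked, True
        throttle.record_failure(username, ip, now=t)
    return checked, False


# Constructed sample: the correct password is the 225th guess in the list.
GUESSES = [f"guess{i}" for i in range(224)] + ["correct-horse"]
```

Locking by account name also lets anyone who knows a username lock that user out, so the per-account limit is often paired with progressive delays or a second factor rather than a hard block.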
We Can Help You and Your Business
With our years of experience in creating and developing websites and web systems, we’ve learned to observe the behavior of bots that scan websites and web systems for vulnerabilities, to recognize brute-force actions, and to neutralize them.
If you want to understand the risks your website or web system is exposed to, contact us for an evaluation. We would be happy to assist you and your business.