This is the conclusion of a white paper written for a client about internet security considerations when commissioning a website.
Conclusion and Summary
It is inevitable that every site will be targeted from time to time by bots and malware intending to steal information and disrupt ‘business as usual’ for UK organisations with a web presence.
Poor coding and poor server management leave many companies very vulnerable to attack. The cost of these attacks can be very high, and they can disrupt an organisation’s normal operation.
When commissioning a site, it is much more cost-effective to integrate security into the development as it progresses. The expense of suffering a breach and trying to remedy the situation afterwards regularly runs to thousands of pounds.
Digital Economy Minister Ed Vaizey said: “The UK’s digital economy is strong and growing, which is why British businesses remain an attractive target for cyber-attack and the cost is rising dramatically. Businesses that take this threat seriously are not only protecting themselves and their customers’ data but securing a competitive advantage.”
The great majority of website administrators, especially those in small to medium-sized businesses and organisations, will not be able to assemble an effective team of professionals to deal with the threat in-house. In fact, if they had those skills they would not be contracting out web development in the first place.
However, if something does go wrong, it will be the organisation which pays the price, not the external developer. The organisation also carries the legal responsibility to safeguard personal data. The National Fraud Authority (NFA) has published an Annual Fraud Indicator for the last three years, signalling a cost of fraud of £45.5 billion to the private sector, with £18.9 billion falling specifically on SMEs.
It is recommended that in each organisation specific individuals are held responsible for ensuring the security of the web presence. They will be responsible for securing the data and implementing privacy policies. This responsibility can be discharged by contracting with external companies who are experts in security both for coding and for server management.
Jeremiah Grossman, founder of WhiteHat, recently reported the results of his research to SC Magazine. He reported wide-scale vulnerabilities affecting 55% of retail sites. One question asked respondents who was held accountable for a website data or system breach. Fifty-six percent said no one was held accountable.
When the safety of organisational data is secured, the organisation can then concentrate on serving its clients and developing a successful business or service. Organisations that do prioritise online security will have a distinct and ever-increasing advantage over the majority which do not.