I have been researching, with former bad guys, what makes them pick your specific website to attack. Most of you will probably roll up for work on Monday without having to start a recovery operation. Everything worked fine, didn’t it? Or did someone else get attacked instead by the serious bad guys?
Bear in mind, though, that the typical criminal hacker waits 6-8 months after a hack, finding out all about your organisation before hitting you, so you might have been hacked but be blissfully unaware. The list of things they look for is not too long, and a few of those are:
Slow or clunky-running website – if performance isn’t a priority, then security will be further down the list.
Administrator uses an identifiable name – attackers can use that to profile the administrator and get passwords from social media and previous breaches.
Out-of-date programs, certificates and patches – easy to exploit with up-to-date malware.
If you want your website to be hard to compromise rather than easy, and want to stop playing Russian Roulette, I am happy to share more, so we can make a criminal hacker miserable rather than you.
Enjoy the weekend, and let's be careful out there.