WSJ: Keeping Your Site Out of Hackers' Clutches - At Cost
Riva Richmond of the Wall Street Journal tells small companies how to to protect themselves against hackers. It's the same story again, but now the Nation's respectable paper adds some protection advises as the attacks are growing.
Attackers are increasingly infiltrating small businesses' Web sites and using them to quietly drop malicious programs, typically designed to steal personal financial information, onto the computers of visitors, security experts say. Some are also digging around in databases for valuable information or trying to capture e-commerce customers' credit-card numbers.
Yup, the bad guys penetrate web applications and databases, looking for digital assets they can steal. No surprises here.
While I understand that a newspaper is not a substitute for research I am disappointed that the WSJ did not cover one of the more appropriate solutions for small companies: Web Application Firewalls.
The WSJ offered different suggestions from religiously apply security updates, through bringing in a security expert, using strong passwords (and keep them close), using automated tools for finding flaws
or even hire a hacker (just to to expose any vulnerabilities from faulty site construction) and then find fix any problems he finds.
Small companies will find that identifying the problems is one thing, but then fixing it has an expensive price tag, hence Web Application Firewalls are more efficient.
At least the WSJ was pointing at some good industry references like WhiteHat Security and FireHost Inc.
(Image source: http://www.ieplexus.com/date/2008/10/24/)
