
RE: Mass SQL injection attack leads to scareware
Damian Saunders, Citrix 1st Apr 2011
Gone are the days when web site attacks were perpetrated by lone hackers solely for a sense of one-upmanship. We are living in an age of industrialised cyber-crime where a large amount of money can be made from well-orchestrated attacks; the internet has become a popular tool for organised criminals.

However, this is not a new phenomenon, so how is it that the latest 'Lizamoon' attack has revealed many hundreds of thousands of websites still vulnerable to a common attack like SQL injection? The answer lies in the cost-prohibitive nature of high-grade website security. Banks, ecommerce and media sites invest in substantial perimeter security or 'application firewalls' that are very effective at deflecting malicious traffic - but smaller businesses and other organisations where costs need to remain low are unable to foot the bill. Inevitably this means taking a calculated risk with their web presence.

So what can be done? Fortunately technology continues to evolve, and in recent years there have been two developments that might hold the key to long-term web integrity. The first is cloud computing, a very popular topic, but a concept that allows organisations to consume technology as a utility. Many providers already offer tariffs that include application firewalling. This allows smaller businesses to run their websites in the cloud and subscribe to a security service. This replaces the need to make a substantial up-front investment in hardware they have to install and manage themselves.

The second development has been virtualisation, where expensive servers that were once dedicated to specific tasks can be combined and consolidated into a shared platform, significantly reducing the cost of computing. Many security technologies have recently become available as virtualised workloads that can now be run on relatively inexpensive hardware - and this includes the ability to protect the use of SQL in a data stream.

It's time to wake up to the very real threat of cyber-crime.