Australian banks like the National Australia Bank have said that organisations should look at the early warning signs of an attack and take action, but no one does.
However, according to Juniper Networks' Director of product management Swastik Bihani, not only is it possible to detect and take action when an attacker targets a website, today's technology allows companies to slow their attacker down, profile them, and even share information to prevent completely separate businesses from being attacked by the same person.
In a technical demonstration session with ZDNet, Bihani shows how traditional web application firewalls fail to prevent simple but common SQL injection attacks, and how businesses can instead mislead would-be attackers in order to give up more information about themselves.
After identifying an attack, businesses now have several options to protect themselves according to the capabilities of their attacker. Bihani told ZDNet that depending on the business' risk appetite, they could scale up their response to an attacker's actions accordingly.
For example, Bihani said that a curious developer might change a few input fields or URL parameters without intending to do any damage, so a company that finds that activity acceptable may allow them continue using their site, but just monitor what they do. On the other hand, more sophisticated honeypot situations could be set up, such as fake access control lists with hashed passwords, and if an attempt was made to break them, the business would know they were under attack by someone who has malicious intent.