Business Implications of Web Defacements
Web defacement is often considered a minor form of cyber attack, very much like a petty crime. However, what is the full extent of the impact that it can have on your business? In this article, we take a closer look at some business implications of web defacement, some of which are actually much more significant than what you might think! This article aims to help you consider a more appropriate risk mitigation or incident response initiative to defacement attacks.
What is web defacement?
Web defacement is a form of online digital vandalism. Typically, a defaced website would have undergone unauthorised changes to its appearance, often through altered, or totally replaced company logos, text content, or web pages in their entirety. The people who perform these attacks, mostly the hacktivists, are often driven by social, political or religious motivations.
Since web defacement is relatively easier to carry out than other forms of cyber attacks, such incidents are in fact quite common. Moreover, as these attacks are often targeted at web pages with significant traffic, they get noticed and exposed quickly.
Here are a few highly publicised web defacement incidents that had occurred over the past 5 years:
- 2011 – The Harvard University website homepage was replaced with an image of Syrian president Bashar Al-Assad
- 2012 – 500 Chinese websites were defaced by the Anonymous hacking group
- 2013 – Entire MIT website was defaced following the death of known hacktivist Aaron Swartz
- 2014 – 100 websites were defaced in Singapore. Most of these sites were run by the opposition Reform Party
- 2015 – Contents of an ISIS propaganda website on the dark Web were replaced with ads for an online pharmacy selling Prozac and Viagra.
Website defacements can have major implications to any business or organisation, especially larger and more prominent organisations like government agencies and MNCs.
Disruption
Web defacement, in all clarity, does not result in a major disruption right away. However, when your website gets vandalised, that’s going to be fodder for discussion. Some employees will certainly be talking about the incident during the first few hours of the day. Coffee breaks are bound to be longer.
Of course, the folks in management will have to talk about the incident too. If you do not have a dedicated IT department, then someone will have to be appointed to tackle the issue. That is going to take up a good part of that person’s work day.
Damage to reputation
Now, this is one consequence of web defacement that you should be taking seriously. A defaced website, which can be seen by hundreds to even hundreds of thousands of viewers in a single day, can have a big influence on how people perceive your ability to secure your systems.
If your business stores and processes a lot of personal data, a simple web defacement cannot be taken lightly, not in this day and age. Current and potential customers will have to think twice before entrusting any sensitive information with you.
Damage to reputation can be exacerbated if it reaches social media, where news can spread like wildfire. It is even highly likely that your defaced site would have already been viewed by the general public before your IT department could remedy the situation.
Also, if the intention is to ruin your reputation and if the vandalism bears damaging information, then the attacker will have more than succeeded in reaching the people they need to reach and do damage where it will hurt you the most – your customers.
Potential data breach
Not all web defacements are plain acts of vandalism. Because web defacements are naturally noticeable, some hackers use them as a form of diversion. With everyone’s attention focused on the defacement, these hackers could then carry out more sinister activities without getting detected immediately. For instance, they could steal sensitive information, install malware, perform privilege escalation, or carry out other nefarious acts.
It could also be the other way around. A web defacement could mean that a data breach has already taken place. A data breach alone can have huge consequences. It can lead to lawsuits and hefty fines, especially if investigations show that your company had failed to comply with regulatory requirements. It can even force your CEO to resign or get fired, as were the cases at Sony, Target, and Ashley Madison’s parent company, in the aftermath of their highly-publicised data breaches.
Because of this possibility, some cyber security consultants now make it Standard Operating Procedure to conduct vulnerability assessments and digital forensics when responding to a web defacement incident. These assessments, while necessary, can cost you money.
The effects of web attacks are leaving companies with a short time to react and perform damage control after an incident. Defacement monitoring and detection tools are one of the best solutions to monitor any defacement or unauthorized integrity change in the websites. These are some of the most used monitoring and detection tools: Banff Cyber’s WebOrion Defacement Monitor, Site24x7 and Nagios. Careful evaluation and configuration of the tools to detect both full and partial defacements involving HTML as well as linked images, scripts and stylesheets are important to ensure an effective tool is in place.
More downtime and damage to reputation
The moment you do decide to conduct a thorough vulnerability assessment and digital forensic investigation, be prepared for some major disruptions. It can take days to find and remediate vulnerabilities, in addition to fixing the defaced web pages themselves. It can also involve several components of your IT environment, so some of your business processes can be impacted. That may result in loss of business opportunities.
Failure to patch vulnerabilities might also result in something that you would certainly dread – a re-defacement. If that happens, it could cause irreparable damage to your reputation. Management responsibility and capability will be put into serious question by internal and external stakeholders alike.
What to do next
Knowing what you know now, would you still consider web defacement a minor cyber attack? It would probably be wise not to. Instead, you should make sure you are capable of the following:
- Preventing any web defacement
- Detecting web defacements instantly
- Restoring your non-vandalised web presence in the shortest possible time
