Redsauce's Software QA Blog

Is cybersecurity so important for my website?

Posted by Marcos Nieto


When we talk about cybersecurity, images of audiovisual productions such as Mr. Robot or Matrix come to mind, where enigmatic hooded men try to gain access to a database or penetrate a highly protected server in order to save the world, defeat an evil organization or fulfill any other cliché involving terminals with black backgrounds and radioactive green characters.


Because of this Hollywood exaggeration, we tend to underestimate the threat and think that our website, our server or our app are exempt from the risk of a cyber attack, because who would want to attack my little platform? Nothing could be further from the truth.


According to the Hiscox cyber preparedness report 2023, 53% of companies have suffered a cyberattack, with an average loss of around 15,000 euros. Among smaller companies, those with 10 employees or fewer, 36% (more than one in three) suffered at least one cyber attack in the last 12 months, a significant increase over the previous year's figure of 23%.


Due to the increasing number of attacks and the magnitude of the losses, cybersecurity has become the number one concern for companies, ahead of economic problems (such as inflation), the emergence of new competitors or global catastrophes.

How can I keep my company safe from cyber-attacks?

Reading these figures sets off alarm bells and makes us think about how exposed we are to such threats. Here are some of the actions we can take to be better protected against these potential attacks.

Keep all services and dependencies updated, the first line of defense against cyber-attacks.

Using proven tools and libraries is a very good starting point for reducing attack vectors, but it becomes a double-edged sword if we do not keep them updated: precisely because they are so widespread, they attract attackers' interest, since a single flaw affects a large number of potential victims.


Their maintainers are usually quick to fix the vulnerabilities that are detected (often before they are exploited), but it is up to us to install the patches or upgrade to the versions that include those fixes.

Strengthening personal passwords, enterprise cybersecurity

While having "strong" passwords may seem like a no-brainer, weak or low-security passwords are listed in the OWASP Top 10:2021 as one of the top ten cybersecurity dangers.


Passwords such as "1234" or "qwertyu", born of a lack of imagination, or defaults such as "root", "admin" or "password", are commonly set on services we believe are out of the public's reach, and they turn our servers into easy targets for a brute force attack.
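The two defences this section implies, a password policy that rejects the defaults just listed and a login throttle that blunts brute force, look like this in practice. This is an added example, not code from Redsauce or from the post; the denylist, the minimum length of 12 and the lockout values are constructed for illustration, and a real deployment would load a breached-password list instead of the hand-written set.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

# Constructed denylist covering the defaults and keyboard patterns named in the
# post, plus a few common ones; production code should use a breached-password list.
WEAK_PASSWORDS = {
    "1234", "12345", "123456", "qwerty", "qwertyu", "password",
    "root", "admin", "letmein", "welcome", "changeme",
}
MIN_LENGTH = 12  # assumed policy value


def check_password_policy(password: str) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in WEAK_PASSWORDS:
        problems.append("on the weak/default password denylist")
    if len(set(password)) <= 2:
        problems.append("made of one or two repeated characters")
    return problems


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256 (600k iterations, OWASP's current figure); returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest


class LoginThrottle:
    """Per-account failed-attempt counter with a lockout window (brute-force mitigation).

    The clock is injectable so the lockout can be exercised without waiting.
    """

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(list)  # account -> timestamps of recent failures

    def is_locked(self, account: str) -> bool:
        cutoff = self.clock() - self.lockout_seconds
        recent = [t for t in self._failures[account] if t >= cutoff]
        self._failures[account] = recent  # forget failures outside the window
        return len(recent) >= self.max_failures

    def record_failure(self, account: str) -> None:
        self._failures[account].append(self.clock())

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)


def attempt_login(store: dict, throttle: LoginThrottle, account: str, password: str) -> str:
    """Return 'ok', 'locked' or 'denied'. `store` maps account -> (salt, digest)."""
    if throttle.is_locked(account):
        return "locked"
    salt, expected = store.get(account, (b"", b""))
    # Hash even for unknown accounts so the response time does not reveal which names exist.
    _, digest = hash_password(password, salt or b"\x00" * 16)
    # Constant-time comparison so the check leaks nothing through timing.
    if account in store and hmac.compare_digest(digest, expected):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"
```

The policy follows the length-plus-denylist approach rather than composition rules, and the throttle counts failures per account so that a correct password is refused while the account is locked, which is what stops an automated guessing run from succeeding even if it eventually hits the right value.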

Phishing, the most classic cyber-attack

Another of the most common attacks is "phishing", in which we receive a message (usually by email or SMS) that pretends to come from a potential customer, a partner organisation or someone in our own company and requests sensitive information. Verifying where the request really comes from, either by inspecting its source (sender address, phone number, etc.) or by contacting the supposed sender directly, can save us from a bad experience.
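The "inspect the source" step can be partly automated. The check below, an added example that is not part of the post, parses an email's headers and flags the inconsistencies a reviewer would look for: a Reply-To or Return-Path domain that differs from the visible From domain, a display name that itself looks like an address on another domain, and a domain that merely embeds our own. The sample messages and the `example.com` internal domain are constructed; mismatches are signals to verify, not proof of fraud, since legitimate mailing services also rewrite Return-Path.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: the visible From claims to be an internal department, but
# replies would go to a lookalike domain and the envelope sender is a third domain.
SUSPICIOUS_MESSAGE = """\
Return-Path: <bounce@mailer-example.net>
From: "Finance Dept" <finance@example.com>
Reply-To: <finance@example.com.account-verify.net>
To: <employee@example.com>
Subject: Urgent: update our bank details
Content-Type: text/plain

Please send the updated supplier bank details today.
"""

# Constructed sample with consistent headers.
CLEAN_MESSAGE = """\
Return-Path: <finance@example.com>
From: "Finance Dept" <finance@example.com>
Reply-To: <finance@example.com>
To: <employee@example.com>
Subject: Monthly report

Attached is the report for this month.
"""

OUR_DOMAINS = {"example.com"}  # assumed internal domain(s)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_sender_consistency(raw_message: str, internal_domains=OUR_DOMAINS) -> list:
    """Return human-readable findings about sender-header inconsistencies (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    reply_addrs = [addr for _, addr in getaddresses(msg.get_all("Reply-To", []))]
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    return_dom = _domain(return_path)

    # A display name shaped like an address on another domain is classic display-name spoofing.
    if "@" in from_name and _domain(from_name) != from_dom:
        findings.append(
            "display name looks like %s but the real sender is on %s" % (from_name, from_dom))

    for addr in reply_addrs:
        if _domain(addr) and _domain(addr) != from_dom:
            findings.append(
                "Reply-To domain %s differs from From domain %s" % (_domain(addr), from_dom))

    if return_dom and return_dom != from_dom:
        findings.append(
            "Return-Path domain %s differs from From domain %s" % (return_dom, from_dom))

    # A domain that contains our name without being it (example.com.account-verify.net) is a lookalike.
    seen = {from_dom, return_dom, *map(_domain, reply_addrs)}
    for dom in seen:
        for ours in internal_domains:
            if dom != ours and ours in dom:
                findings.append("%s embeds the internal domain %s but is not it" % (dom, ours))
    return findings


if __name__ == "__main__":
    for line in check_sender_consistency(SUSPICIOUS_MESSAGE):
        print("-", line)
```

Run against the suspicious sample it reports three findings and against the clean one none; in a mail gateway these would feed a warning banner rather than an automatic block.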

Software quality as the first cybersecurity measure

One aspect that is often overlooked when securing an application is its root: the code it is made of. Reviewing and monitoring the quality of our code ensures that we avoid potential vulnerabilities, such as data injection or over-exposure of information, from the outset.
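The two defects named above, data injection and over-exposure of information, often appear together in a single query. The snippet below is an added example, not code from the post or from Redsauce: a constructed SQLite users table with a lookup written first in the vulnerable style a code review should catch (string concatenation and `SELECT *`) and then in the corrected form (a bound parameter and an explicit column list).

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two users; the password hashes are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)",
        [("alice", "alice@example.com", "<hash-placeholder-1>"),
         ("bob", "bob@example.com", "<hash-placeholder-2>")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The 'before' version a code review should reject.

    Two defects: concatenating the input lets it rewrite the query's structure, and
    SELECT * hands every column, including the password hash, to the caller.
    """
    query = "SELECT * FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The corrected version.

    The bound parameter means the input is always treated as data, never as SQL, and
    the explicit column list returns only what the caller is meant to see.
    """
    rows = conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)).fetchall()
    return [{"username": u, "email": e} for u, e in rows]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # the textbook input that exposes the first defect
    print("vulnerable:", find_user_vulnerable(db, probe))  # every row, every column
    print("safe:      ", find_user_safe(db, probe))        # no such user
```

The same input that dumps the whole table through the first function returns nothing through the second, and even a legitimate lookup through the first function leaks the `id` and `password_hash` columns that the caller never needed.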

Cybersecurity Audits and Vulnerability Monitoring

The formula for a high level of security in our company is a solid cybersecurity plan built on two points: periodic external security audits, in which teams from outside the company look for possible vulnerabilities and report them so that they can be prevented; and active monitoring of the security of our services, so that any vulnerability that does appear is identified as quickly as possible, limiting the damage and its scope.

About us

You have reached the blog of Redsauce, a team of experts in QA and software development. Here we will talk about agile testing, automation, programming, cybersecurity… Welcome!