How well do you know your web threats? Do you know the difference between SQLI, Cross-Site Scripting, and Man-in-the-Middle attacks? Are you up to date with the difference between phishing and web scraping? There are all manners of threats out there - but knowing what they are, where they are coming from and most importantly of all how to set about stopping them is another matter altogether.
Don't Miss: Sam's Club Black Friday 2016 Details
Most of us - those who are not full-time software professionals - prefer not to think too much about internet security. We spend money for it begrudgingly and with the bare minimum of research. Like other strictly 'grown-up' matters such as life insurance and pension schemes, web security is one of those things that only sparks the public imagination when it’s really needed. The trouble is that by that stage it’s a bit too late to start getting curious.
But with all the threats out there none of us can afford to take our online security for granted. The UK’s Office for National Statistics released figures last year that revealed 5.1 million cybercrimes involving fraud in the UK over the preceding twelve months (to August 2015). The number of individuals directly affected reached 3.75 million, of which 2.1 million suffered some financial loss. Other crimes involving the internet (harassment, malicious communication, etc.) were accounted for separately.
For private individuals with only a modest exposure to threats - as compared with large organizations - the steps to stay safe are well known and relatively inexpensive. For companies which deal with millions of customers and have a widespread exposure, the issue of cyber security is considerably more evolved. At the highest level the UK government announced a £1.9 billion program of investment in its own cyber security.
Knowing what’s what
Since you ask, SQL Injection is commonly experienced as a threat to the ‘back end’ of websites (the bits customers don’t see) that use SQL coding. The difference between SQLI and Cross-Site Scripting (XSS) is that whilst the former targets a site directly, XSS targets the users of a website, rendering their personal passwords, data etc. vulnerable to misuse. Man-in-the-Middle attacks are, as the name suggests, a means of tapping into communication between two parties and deriving sensitive information from their communication. Web scraping is the generic expression for the use of bots to mine the data reserves of a site whilst phishing is simply the term for any attempt to derive your login or security details fraudulently.
An armory of defense technology
Of course, knowing a few buzzwords is not the same as being secure. The good news is that WAF (Web Application Firewalls) are becoming increasingly affordable. Concurrently, cloud-based security systems are establishing themselves as every bit as reliable as traditional hardware solutions. In other words, the range of threats may be extensive, but so is the armory of defense technology that we can all afford put up against them.
Don't Miss: iPhone 8: Everything You Need to Know
According to the UK government’s Department of Culture Media and Sport, two-thirds of UK businesses have been exposed to a cyber attack of some sort. The catastrophic breach suffered by TalkTalk last October should stand as a sharp warning to us all. The threats are real and dangerous. Just like insurance and pension schemes, internet security is something that demands a thoroughly grown-up appreciation.