Beyond the padlock: Essential steps for protecting websites

Articles like this on Security Magazine perpetuate the view that you solve cyber security by buying technology. Wrong, wrong, wrong. Ask any organisation that has to manage dozens or even hundreds of different tools and they’ll tell you how difficult it is to maintain effective security controls in complex environments.

I’ve been promoting a 5-step approach that starts with asset identification and threat modelling, not with tool selection:

 

Businesses of all sizes have a lot on their plate when they create and maintain websites. This includes making sure the site is easy to use for visitors, that content is current, that all links work, that the site is optimized for SEO, that e-commerce processes are secure, etc.

But now, on top of all those operational requirements, businesses have to take care of cybersecurity, ensuring that their sites are safe for online customers and communities, resistant to hacking and as backed up as possible, should the site go down or experience an attack. This task list is not easy amid the evolving battle between those who want to secure websites and the cybercriminals who are trying to break them in order to steal money or data.

As the volume of attacks continues to rise, and the web becomes an even more critical face for sales and operations, website managers are tasked with navigating the array of website security tools needed to protect and back up their sites, as well as how to effectively implement them.

[…]

Original article here