IS YOUR WEBSITE VULNERABLE TO HACKS?

Over 80% are. Protect your website from hacking and malware attacks. Gain pace of mind by being proactive.
Check now

In a noisy industry with high price tags, many businesses have not secured their website – although websites are the preferred target for web attacks. 

Situation Board

%

More than 75% of all hacker attacks are targeted against web applications.

“Websites have proven to be the preferred target for web attacks. It’s just a matter of time when an unprotected website will be compromised.”

%

More than 90% of hacker attacks are automated bots searching for vulnerabilities.

“Many small companies mistakenly believes that they are not at risk of being hacked. But automated bots don´t care if the site belongs to a small local business owner or a large enterprise.”

Websites hacked daily

“Bots are deadly effective in reaching out to every corner of the world. An analyse found that it takes about only 30 – 45 days for a new website, with no content or audience, to be identified and added to a bot crawler.”

%

Of all webtraffic is malware

“Europol have stated that cybercrime have become more profitable than the entire world of drug trafficking. They have also stated that ransomware has become a global epidemic and urge businesses to make a greater effort to protect themselves.”

If your website is hacked then the consequences can be devastating:

 

  • You run the risk to distribute malicious code to its visitors.
  • You run the risk to get sensitive data stolen or loose your whole site.
  • You run the risk to loose your Google search ranking.
  • You run the risk to be fined according to the GDPR regulations.
  • You run the risk to be blackmailed for money.

How To Avoid This

 

Most businesses with websites remain unprotected because they are faced with an industry of security companies with sky-high price tags and hidden costs, or small security companies that only tries to maximise profit by offering low quality solutions that only cause problems.

The consequence has been that been that businesses often stay unprotected hoping their site will not be hit. In some cases they hope that their hosting provider is responsible for their website security. But the web host is responsible to protect the server infrastructure the website is hosted on, not the website itself. The website owner is responsible to secure their own website.

In other cases their host or themself have bought a 20 dollar security solution that only gives a false protection.

That is why we have created a solution where the goal is to make you aware of vulnerabilities. Awareness if the #1 defence againt hackers. Our in-depth vulnerability website check  of small to medium sized websites has a price tag of USD 1800. Enterprise websites need to be quoted on individual basis.

Our goal is to provide a service that enables businesses of all sized to effectively protect their websites against cyber threats.

Website security questions you need to ask yourself

How is my site protected from DDoS attacks, password hacking and vulnerabilities?

How have I secured my website in case all the content of my website is deleted after a hacker attack?

U

Google blacklist websites that is infected with malware. Therefore, it is critical to discover early if the site is infected to avoid to be penalized in Google's search. How do I monitor my website today to reveal hacking as early as possible?

s

Have I checked if my website shows as "safe" or "not secure" in Google's search results.

Do I use a modern firewall that does not block Google's crawlers.

Frequently Asked Questions

Why have websites proven to be the preferred target for web attacks?

The website is the typical face of a business and compared to other hacker goals, no special links or resources are required to reach a website. Anyone with a computer connected to the internet can reach out and try to hack a website.

Why should anyone hack us?

More than 90% of hacker attacks today are automated scripts and bots searching for websites that has vulnerabilities. Bots don´t care about the size of your business. An analyse found that it takes about only 30 – 45 days for a new website, with no content or audience, to be identified and added to a bot crawler. Once the bot identify a website with a specific vulnerability the site will be added to the next phase of the attack, exploitation. The challenge with automated scrips and bots is that it will just continue trying and with an infinite number of attempts they are bound to succeed eventually. It´s a fact that an unprotected site without a WAF eventually will be hacked. 

The final goal with an attack is normally one of those six:

1. Steal sensitive data: Extract sensitive data from your site to either exploit the data themselves or sell the data on the dark web. With the new GDPR regulation the the consequences can be a financial disaster.

2. Drive-by-download: Inject your website with a malware hoping to infect as many of your website visitors. Probably you will be unaware of this before a visitor calls you because their bank accounts where drained after they installed a fake piece of software you recommended on your website. Google blacklists 10,000 web pages every day that get infected with malware.

3. Blackhat SEO spam campaigns: Inject your site with links that sometimes you see and sometimes you won´t. Your audicence are redirected to pages that generate revenue to the hacker.

4. System resources: Steal resources. Hackers behind automated attacks need resources. If your website resources are compromised, then one day they it suddenly can be used in an attack without you realizing it. Suddenly your usage bills is through the roof, the host shuts you down or you receive a notice from the authorities about your hacking attempts.

5. Ransomware: The same criminals who previously broke into the corporate office or warehouse can now instead buy a hacker attack that puts your website out of service, then claim ransom. Your website will then be shutdown until the ransom is paid.

6. Shutdown – DDoS attack: If your website becomes a victim of a distributed denial-of-service (DDoS) attack, then it will receive a flood of traffic with the goal to shut it down.

I already have a CDN solution with a WAF

There is a jungle of CDN providers that is build to optimize speed and have security as an extra service. We believe in a security first approach. That´s why we have partnered with the top global website security providers to deliver the best specialized WAF solutions that protect websites like Siemens, eToro, Zillow and Brock University. They also have CDN functionality that can improve the speed of your website up to 70%, but it’s built with security as the top priority – as it should be.

Why isn´t my hosting provider responsible for the website security?

It’s a common misconception that hosting providers is responsible for the security for each website they host. Your web host protects the server infrastructure your website is hosted on, not the website itself. Think of it like securing an apartment building. Property management takes responsibility for securing the building, but each tenant must lock the door to their own apartment. Of course you can ask your hosting provider if they also can take care of this.  But cyber security is a demanding field with new threats everyday. This requires specialized skills and tools that is outside the scope of the hosting provider.

When I have an anti-virus solution, why do I need this?

To our frustration, the cyber security industry have never ben so noisy as it is today.

Most of the security companies focus on selling threat intelligence, network and endpoint security with high price tags, neglecting to inform businesses that this does not protect their website, although the industry knows that web applications are the preferred target for hacker attacks.

The reason to this neglect is  probably profit, because the overall price tag is higher on solutions that are priced according to the number of employees than a solution that only secures a website.

What is the top advices if I want to secure my website properly myself?

If you have a website and haven’t thought about security then this list can help you to get started. If you use a third party to help you with website security then the below list contains a useful set of questions you can ask of your provider to see if they are well prepared.  This is far from an exhaustive list, but it is a good start.

1. Most importantly you need to install a WAF, so the traffic to your website is filtered. If not, then malicious traffic will have direct access to reach your site.

If you already have installed a WAF, then make sure that you have made the proper precautions to prevent bypassing. If a hacker or bot knows your hidden Hosting IP address, they can bypass the Firewall and try to access your site directly. The best way to prevent hackers from bypassing the Firewall is limiting their access to your web server. To do this by adding restrictions to your .htaccess file so that only the Firewall’s IP will be able to access your web server.

2. Check if your website have been build following good secure coding principles.

3. Check that CMS, software and plugins  are up to date. If you use a third party make sure they have policies and processes to do this for you.

4. Check that you encrypt the web traffic using SSL.

5. Perform a penetration test of your website to identify vulnerabilities before they are identifed by bad bots or hackers.

6. Perform a regular scanning of your website to detect injected malware content.

7. Make sure your website have a frequent backup plan and make sure that the backups are not stored on the same server as the website.

GDPR – A new regulation from 2018 that among other things demands higher focus on website security

GDPR requires the company to report data burglary within 72 hours after the break-in was revealed. Compared to GDPR, a data breach is loss or exposure of personal data. One challenge many companies face is the time from the burglary to the break-in is often over weeks or months. This gives a hacker the ability to spread the virus widely and get a deeper feast on the entire company’s computer system. With the new GDPR legislation, the consequence of a data-burglary criticism or a notch in reputation is now the big fines of up to 4% of revenue. This means that no company can afford to take this seriously and comply with the regulations.

Status

2018

"Europol mentions ransom viruses as an epidemic and thinks this type of attack has taken cybercrime to a new level. Europol director Rob Wainwright urges individuals and businesses to make greater efforts to protect themselves."

Europol

"The firewall of NorseImpact stops daily on average 20 intrusion attempts at Forsikringsportalen.no"

 

Forsikringsportalen.no

"With NorseImpact's speed optimization, Forsikringsportalen.no today has a loading time of 691 ms, compared to earlier 3.2 seconds."

 

Forsikringsportalen.no

"A typical hacking method is that a website is overtaken by hackers. The hackers require money to return control back to the website owner."

NORSE IMPACT

U

Uncover the security status of your website today

Get a complete in-depth vulnerability check of your website.

Website vulnerability check
Current terms for ordering website check:

1. Portalen Gruppen AS (Org. No. 899 551 222), located in Norway, stands behind the service.
2. The cost of the check is USD 1 100,- excl. VAT per website (domain) to be checked.
3. We use cloud-based tools to check the website. There is no risk that the check will cause downtime or problems.
4. We address various risk factors in our vulnerability analysis and point out any findings in the report we send in writing by email.
5. When it comes to digital security, no one will be able to give any guarantees that all security holes have been detected or checked, including us. We take no responsibility for any consequences of vulnerabilities and security holes that are not revealed by us.
6. Our role is to carry out the work of providing an analysis and report. We do not take responsibility for the necessary measures.
7. Invoices must normally be prepaid before results are sent.
8. Invoice is sent from Portalen Gruppen AS with VAT. If your company is located outside Norway then invoice is sent without VAT. Prices are quoted ex VAT. Due date on invoice is 5 days.
9. We are committed to keep your sensitive information safe and will not share your information with others.

Confirm
Please confirm that you have authority to sign a contract on behalf of the company *
Sending

“It ain´t what you don´t know that gets you into trouble.

It´s what you know for sure that just ain´t so.”

– Mark Twain