If You Pay Peanuts, You Get Monkeys

by Pierluigi Stella, Network Box USA

Usually, I write about new technology or some security issue related to recent events, which might, in one way or another, affect Credit Unions.

Today, I want to tell you a story.

About two weeks ago, a Network Box USA customer opened a ticket with our Security Operations Center, reporting that their website seemed to have been hacked.  My support team checked and verified that the customer’s website indeed showed the “logo” of a Turkish hacker.  They panicked, thinking we had caused the problem ~ imagine my irate reaction thereto.

Given that I’ve been doing this for over a decade now, and nothing of this sort has ever happened, I’ve learned not to panic (at least, not as a first response).  So, I logged onto our device, which protects the customer’s network, to investigate the situation.  Within seconds, I was able to discern that, while the public IPs of our customer all began with 50.202, their website IP address did not ~ it began with 184.168.  Meaning, they are _not_ hosting the website within their own network.  First sigh of relief – this issue was clearly not caused by us.

But here’s where curiosity kicks in: where are they hosting this website?  A reverse lookup revealed the name of a well-known company located in Scottsdale, AZ, which offers what is (supposedly) a secure web server and secure hosted Exchange email.

That said, secure or not, my customer’s website had been defaced by Turkish hackers.

Now, we need to consider a few things.

We all too often fail to consider that our corporate website is THE very first image the world sees of the company.  An instant parallel would be a storefront window of a boutique at the mall.  What impression would you form of a store if their window displays were in complete disarray?  And they did not take care of it?  Would you even consider walking in, let alone buying anything?

Undoubtedly, we all understand the importance of an aesthetic website, but it would appear we often fail to consider the equally (if not far more) important scenario: should the site be hacked and/or defaced, even if no data is stolen, the image of our company has already been compromised.

I raise this issue because I see way too many CUs not taking appropriate care of their website ~ the motive?  To save some pennies.  In the name of cost reductions, they host their websites on “sketchy”, somewhat dubious web hosting services, where no one takes care of the security of the server (in fact, some of these servers are directly exposed to the internet).

Is it really worth saving a few dollars and risking the image of your company?

Your web server, whether it hosts an application or not, should always be zealously protected because the homepage, that first page I see when I go to your website?  That’s the dealmaker ~ it determines whether I want to do business with you or not.  If I see a Turkish hacker’s logo on your homepage, I seriously doubt I’ll walk into your CU.

I mean, would you?

Pierluigi Stella

With a sterling track record of successfully accomplished projects, an extensive technical know-how, and nine years as head of both the technical as well as customer service divisions of Network ... Web: www.networkboxusa.com