The Average Website Is Cyber Attacked 44 Times Per Day

SiteLock Website Security Insider Q4 2017 - The Average Website Is Cyber Attacked 44 Times per Day

In its analysis of 6 million websites, SiteLock said the average small business site experiences 44 attacks per day or 16,060 attacks per year. The SiteLock Website Security Insider Q4 2017 report identified alarming trends in attacker behavior and tactics, according to the company.

SiteLock Website Security Insider Q4 2017

Although the 44.36 attacks per day for the fourth quarter of 2017 are indeed alarming, it is actually a decrease of 24.8 percent from the number of attacks in the third quarter for the same year. It’s also nothing compared to the 152,041,201 bot visits sites receive weekly.  Only 19 percent of infected websites were blacklisted by search engines but if your site is among the inflected that weren’t, it may only be a matter of time.

Small businesses might be under the impression they are safe from hackers, but Neill Feather, president of SiteLock, says otherwise. On the official SiteLock blog, Feather explains, “It’s worth repeating that no website is too small to hack. Even the smallest website can be targeted for its traffic, data, or computing resources.”

SiteLock, is a provider of business website security solutions, and according to the company the only web security solution to offer complete, cloud-based website protection.

Key Findings in the Study

On average, one percent of the sites sampled by SiteLock were infected with malware each week. Globally this translates to 18.5 million websites being infected with malicious content at any given time.

The average number of malicious files per infection went up from 284 to 309 files, a 0.8 percent increase, and backdoor files made up 12.5 percent of all malware found in Q4 2017.

The report also revealed close to half or 46 percent of all WordPress sites infected with malware were up to date with the latest core updates. And WordPress websites using plugins were twice as likely to be compromised as non-CMS site. This was attributed to the large number of plugins in the WordPress ecosystem and SiteLock said, this indicates updating the WordPress core application without updating plugins and themes is not adequate protection from attackers.

You can download the report here for the rest of the data.

SiteLock’s Recommendation

In the event of a successful attack against your organization, the best you can do is be fully prepared. As many experts will tell you, it is a matter of when and not if. When the time comes, you can mitigate the damage by acting quickly and using the countermeasures you have put in place.

It starts with using malware scanners with a file-based, inside-out tool to automatically identify and remove malware. Use strong passwords with a minimum of 12 characters. SiteLock suggests avoiding dictionary phrases, having at least one capital letter, one lowercase letter, and one number. If possible use randomly generated passwords and store them in a safe place.

Next, consider a contingency strategy with accurate and clean backups of your site. Make sure you backup your site every day. This will ensure you have the latest and cleanest version of your site so you can fully restore it if attackers gain access.

Last but not least, SiteLock says you have to take proactive steps to secure your digital presence with a comprehensive security plan. Feather added, “In order to stay ahead of today’s ever-evolving threats, website owners must be proactive about understanding the ins and outs of their website to ensure they have the proper protection in place.”

Photo via Shutterstock

More in: 2 Comments ▼

Michael Guta Michael Guta is the Assistant Editor at Small Business Trends and currently manages its East African editorial team. Michael brings with him many years of content experience in the digital ecosystem covering a wide range of industries. He holds a B.S. in Information Communication Technology, with an emphasis in Technology Management.

2 Reactions
  1. Hackers have always targeted WordPress sites due to the fact that they are software based, as supposed to websites build with more conventional methods such as JavaScript and HTML. I do wonder how this would affect new hosting providers such as Amazon Web Services. As far as business owners being proactive and keeping up with the latest security measures, that’s almost never the case because they have other things to worry about. Thank you for sharing this article.

  2. Now that’s scary. This means that your website hardly gets any security. That’s really scary.