Five basic misconceptions all business owners should know about web application security

What misconceptions should business owners know about web application security?


With the increase in web adoption and the constant establishment of new firms, businesses have been able to share information about their products, using websites as a means to deliver services and share valuable data with customers.

Meanwhile, hackers are actively looking for ways to compromise corporate networks across several industries. As a matter of fact, research shows that cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. Cybersecurity Ventures also expects ransomware damage costs to rise to $11.5 bn in 2019, and its further research shows that a business will fall victim to a ransomware attack every 14 seconds by that time.

Even the smallest security incident can have a seriously negative impact on a business, especially a startup, causing significant data loss and letting customers' information fall into the wrong hands.

Many business owners are aware of these dangers but disregard them because of some common misconceptions about web application security, forgetting that no business is immune to security risk.

Below, therefore, are five common misconceptions you should know about web application security.


1. Only big organizations are threatened by hackers:

This is a very common, inaccurate assumption that most startup founders and other business organizations make concerning web application security.

Most SMEs will say, “our company is not big anyway, we do not need complex security to protect our information online.” Meanwhile, to attackers, any organization, such as a financial institution, e-commerce firm, auto transport service, governmental body or private individual, that gathers relevant data like private numbers, birth dates, credit card details, online shopping particulars, etc., is a potential target.

As a matter of fact, research shows that 43% of cyber attacks are intentionally aimed at small organizations, and 70% of data breaches happen through small businesses.

Businesses of all sizes should therefore use a combination of security software and take measures to protect their devices from criminal activity.

2. Complex passwords will protect my network from keyloggers:

This is a very common misconception, as many organizations believe that using complex passwords will prevent hackers from getting their company’s information.

No doubt, having a complex password helps, but it cannot fully protect your website from malicious intruders. In fact, complex passwords can sometimes be difficult for users to remember.

That difficulty can lead to writing your login details in a journal, which allows the password to fall into the wrong hands. According to Mac McMillan, “16-character complex passwords can be cracked by a hacker in less than an hour.”

To be on the safer side, experts recommend changing your web login details at least every 60 days to prevent an unexpected attack.

3. I have the best software developer; why bother:

This is yet another baseless assumption concerning web application security. Many organizations think that building a website with a perfect web developer, or getting software from a trusted organization, will protect their website from criminal activities.

It is important to note that web developers are generally not security experts. Moreover, building software and hacking it are two different areas. And no matter how secure your website was yesterday, it may not be today.

Hackers are always at work looking for new ways to do harm and disrupt your data. Personal computer companies are a good example: they constantly upgrade millions of PCs because what was safe yesterday isn't safe today.

4. Using a Web Application Firewall is enough to resist hackers:

No doubt, a web application firewall (WAF) can provide great protection from hackers and reduce specific attacks, such as the exploitation of cross-site scripting and SQL (Structured Query Language) injection vulnerabilities. However, as effective as WAFs can be, they do not guarantee the safety of your website.

Moreover, while most companies feel relaxed with the mindset of having a WAF as their ultimate security defense, there are several techniques to bypass WAFs, and these are even more popular today. That is why your company should not rely on a WAF alone, but should always attend to any security flaws confronting a web application.

5. After a penetration test, the website is safe:

Penetration testing has the advantage of exposing significant weaknesses in your network that hackers can exploit through smaller vulnerabilities, such as employee breaches of security protocol and minor coding errors.

However, while your company is busy running a penetration test, hackers are already one step ahead of you, looking for new ways to steal your company account credentials or gain access to the personal information of you and your employees.

For this reason, your company should not relax and assume that the website is safe after a pen test. Upgrading your security platform should be a continuous process, because malicious attacks don’t come with advance warning.

