Академический Документы
Профессиональный Документы
Культура Документы
The High
Cost of Poor
Website Security
CONFIDENCE REDEFINED
The high cost of
Poor website security
Your organization’s websites are some of its
most valuable assets. But they are vulnerable
to security issues and criminal attacks.
Fortunately, many of these problems are
preventable with effective, integrated website
security management.
2 I Symantec Corporation
The value of good website security
Website security involves protecting your websites against In these circumstances the case for best-in-class solutions
unauthorized access, data breaches and malware attacks provided by a global security leader providing 24/7 support
while ensuring high levels of availability and reliability. is strong.
3 I Symantec Corporation
The operational cost of website insecurity
Of course, most companies pay attention to website security; This is often due to a lack of automation in the existing
for example, by trying to keep SSL/TLS certificates current website security system, the sheer volume of tasks you carry
and installing firewalls and anti-malware software on website out daily, and the complexity of managing multiple, siloed
servers. But there’s a difference between best intentions and vendor solutions and relationships.
best practice.
Inefficient security management not only saps time, energy
Here are six questions you can ask yourself about your and budget, but also impacts on your threat detection and
website security operations and certificate management remediation, making identifying and fixing security issues
landscape: more difficult and less effective.
It’s rare for security professionals to answer yes to every For companies with thousands of certificates, the cost of
question. manual management can be very high indeed. And so if you’re
using Excel spreadsheets or other manual processes to track
certificates and you have a few hundred plus, then you should
strongly consider an automated solution. Its likely to pay for
itself quickly in saved time alone.
4 I Symantec Corporation
Pricing website risk
The cost of poor website security and inefficient SSL/TLS • Reputation damage. Apart from the risk of being
certificate management goes beyond the cost of day to day blacklisted by Google and increased insurance premiums,
admin. When a problem occurs, the cost can be significant. the damage to your brand from security breaches can be
significant. While stock prices usually suffer only
• Service outage. The cost of individual outages can be a temporary dip3 after a major security breach, it takes
very high. Reports put the cost of a Denial of Service far longer for companies’ reputations to recover.
attack at up to $20,000 an hour . The cost is likely to be
2
the same be it if the outage is caused by a certificate issue Without visibility, automation and an understanding of your
or other vulnerability true risk and compliance posture it becomes near impossible
• Fixing problems. The average Global 5,000 company to make smart decisions about how and where your IT and
spends $15 million to recover from a certificate outage security resources should be allocated.
and a further $25 million in potential compliance costs .
Similarly, fines for data breaches are escalating.
2
https://www.theatlantic.com/technology/archive/2016/10/a-lot/505025/
3
https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices
5 I Symantec Corporation
Conclusion
Nine out of ten large organizations reported a security For large companies it can become a continuous trade off
breach according to a UK government information security in investing time and resources between business progress
breaches survey . Unlike car or house insurance, where the
4
and business security. Those resources get further strained
chance of disaster is relatively small even if the cost is high, when you lack visibility across your website ecosystem due to
good security is insurance against a risk with a very high silos in your efforts to secure the servers, apps, and data that
probability. make up your ecosystem. Your cost analysis should include:
The cost element involved in deciding on which solution to • The headcount resources you need to manage all of those
go with should never just be based on the price point. Having manual processes.
the holistic view of the full management cost of your website • The visibility you need across your website security
ecosystem is essential. ecosystem to establish your level of exposure.
A recent NopSec report5 found that it took financial services Point solutions and manual processes are going to leave gaps
firms an average of 176 days to remediate a security in your security and this is likely to be where the attacker
vulnerability because of laborious manual processes. All gains entry.
of those man hours need to be factored into your buying
decision. Focus on automation – it will save not only your budget and
reduce your resource needs, but more importantly your
These manual, cumbersome, time-consuming tasks also brand.
take your team away for the strategic needs of the business.
Manual processes hurt your ability to protect at scale. Investing in automated, multi-point and multi-layer
Human intervention is too slow to stop fast-moving attacks. protection that keeps your website ecosystem safe from the
And when those attacks get through, your remediation and most sophisticated new and emerging threats has never been
recovery times go up, as does the extent of potential damage more necessary.
4
http://www.computerweekly.com/news/4500247376/Cost-of-UK-cyber-breaches-up-to-314m
5
http://info.nopsec.com/rs/736-UGK-525/images/NopSec_StateofVulnRisk_WhitePaper_2015.pdf
6 I Symantec Corporation
Symantec™ Complete Website Security
Symantec Complete Website Security gives you the visibility, agility, and security breadth and depth you need to protect your
business, brand, and customers. It harmonizes and fortifies your website security with comprehensive best-in-class solutions.7
Multi-point and multi-layer protection keeps your website ecosystem safe from the most sophisticated new and emerging threats.
Real-time visibility into your website ecosystem helps you quickly spot problems, block attacks, fix issues, and stay in compliance. It
delivers the tools and services you need to safeguard the integrity and performance of your website servers, certificates and apps.
Its security agility speeds your ability to keep your business safe and growing, while keeping you in control. Since it’s backed
by one of the global leaders in cyber security, with the most recognized trust mark on the web8 and one of the world’s largest
cyber intelligence networks, you can trust you’ll get the level of security, service, and support you need to protect your website
environment, customers, and business.
7
http://ww2.frost.com/news/press-releases/frost-sullivan-applauds-breadth-symantecs-security-solutions-well-collaborations-customers-and-peers-provide-
customized-tools
8
International Online Consumer Research by IpSOS: US, Germany, UK, France, Australia and Singapore October 2015, comScore Analysis with top ecommerce
organizations. United States: 90%, United Kingdom: 89%, Australia: 88%, Singapore: 92%.
7 I Symantec Corporation
Harmonize and fortify website security
SymantecTM Complete Website Security
can help you strengthen your overall
website security posture, prevent or
minimize damage from the escalation of
sophisticated threats, free up resources
for business strategic initiatives, simplify
website security complexities, and run
and grow your business with confidence.
To open an account or find out more about how Symantec™ In the US, call:
Complete Website Security can help you: 1-866-893-6565
No part of the contents of this white paper may be reproduced or transmitted in any form or by any means without the written permission of the publisher.
Copyright © 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Circle Logo and the Norton Secured Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.