Feel free to discuss any topics relating to cybersecurity with the rest of the security community in this forum.
Web Defacement recommendations
- o_34jonston
I think a web defacement solution is not enough; the website development itself must be robust first.
- o_shaun tan
Hi, websites can be hacked or defaced for many reasons. The drill-down will be too much as we speak. At the current moment, you may want to consider building your website more securely (find good coders who have security in mind). Aside from that, once your site is ready, do a VA (vulnerability assessment), after which you may want to consider a pen test. Sounds like quite a lot, eh? You may want to put in a WAF together with an anti-defacement monitoring tool from Banff Cyber. All this can be done concurrently.
Check out this site. You may be able to get help from them, and they have some best practices as well.
www.banffcyber.com/best-practices-to-add...e-of-web-defacement/
www.banffcyber.com/weborion-defacement-monitor/
- o_boiboi77
- Topic Author
Hi, so you are saying that if our website is built securely then we need not have web defacement protection?
- o_shaun tan
Hi, it depends on the business risk that your organisation is willing to take. Being proactive in defence is a sure way to ring-fence your online reputation. So I guess, what type of business risk are you willing to take?
- o_Kenneth Lee
Hi,
Agree with Shaun. IMHO, the complexities of cyber security are not fully understood by a lot of people yet. Essentially, trade-offs must be made. To put an extreme example, the only 100% defence against cyber threats is not to be online at all. Once you are connected, you need to consider what the risks and resources are during the planning and subsequent actions.
Of course, you need to be proactive in it. I have come across people who asked me for help AFTER they had been infected with ransomware, when they blindly invested in "protections" recommended to them without really understanding what they were protecting. So they have neither any backups nor any other forms of protection in place, and who knows how many more timebombs they have in their organisation as well. Sadly, they only regret it after they cannot recover their valuable information.
So, long story short, understanding what you want to protect and the risks that you are willing to take (risk assessments must be done properly here), as well as the resources you are willing to spend, is the crucial first step to deciding and finding what types of solutions would work for you. Having a good vendor or partner who understands your needs and does not try to oversell you, but walks through with you to explain what you are protecting and the residual risks, is probably one of the most important things you can do as well in protecting your organisation. Like in all things, don't just jump head-in blindly, but make sure you are getting value for your money and protecting what is really important to your organisation.
- o_paulsng33
Hello fellow security folks. I think most individuals and companies have a 'standard trend', that is, they will only react when things go wrong. So if *touch wood* their website is defaced, then they look for a web defacement solution. If there is malware, then they deploy malware protection tools.
Well, they are not wrong either, as security management is really a high cost to companies. So some companies really 'bo chup' until something happens.
How to change such a mentality?