What are the consequences when a
website is not protected against attack?

• Financial loss

  .
  
  

  • Sophos: $115,000 stolen from online poker account.
  • darkreading: $45 million in losses from prepaid debit cards.

• Loss of service

  .
  
  

  • Your website is slow and/or non-responsive
  • Caused by Denial of Service attacks
  • Customers cannot access the website
  • New customers are discouraged

• Identity theft

  .
  
  

  • NBC: access to potentially 200 million Americans’ credit reports.
  • Identity Theft Resource Center: 1st 3 months of 2013 -- 874,667 records stolen,
  • including medical, SSN, credit card numbers, etc.
  • Twitter: information on 250,000 users stolen

• Website infection

  .
  
  

  • Your website becomes a host for drive-by downlads
  • Example: NBC website hacked in February 2013.
  • SQL injection campaign ... 1 million URLs possibly infected.