Although such attacks are easy to defeat if tangible goods are being sold and delivered, this is not the case for intangible items such as downloadable software or expensive reports. Once a hacker has obtained the file there's nothing to stop him posting it on a public Web site for everyone to see and for all the search engines to find.
When Web sites comprised nothing more than a collection of HTML pages and fancy clipart, a Web server on the receiving end of a hacker's attention merely deprived customers from looking at your electronic glossy brochures for a couple of hours. But as sites have become online versions of the traditional call centre, taking enquiries and processing orders and delivering quotes, a crash or hack which puts the site out of business for just a few minutes will cost you real money and impact your revenue. And lots of it. The hardest part is knowing that you've been attacked, and thus realising that you need to take action. Checking your Web pages, transaction database and security logs regularly, can not even ensure your continuing immunity.
Consider the current darling of the Web development scene, namely Content Management Systems. A CMS product allows anyone in your organisation to update your Web site using some simple HTML forms and a password, and they can do it from anywhere via the Web. No need to have access to FTP as there are no files to upload. Need to add a story to the front of your site? Just enter a password and type away. But what if a hacker were to do this? A malicious, untrue news release posted on your site for just an hour, and which found its way onto the internet rumour mill, could halve a company's share price. And the harder you work to publicise your denial of the story, the more people get alerted to the fact that you've been hacked. So the hacker wins twice.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.