What We Can Learn from Georgia’s Massive Cyberattack and Do Better
It was just last week, on the 28th of October, that we were shocked by the largest cyber attack in the country of Georgia’s history. According to Forbes, not only has this taken down thousands of websites but two Georgian TV broadcasters, Imedi TV and Maestro, were temporarily taken offline as well. One of the main targets of this incident was a server owned by Proservice that houses countless websites including state agencies, state organizations, businesses, non-profits, and media organizations.
The defacement and attacks against government websites are clear proof of how much we have been neglecting the importance of WAF (Web Application Firewall) and other possible protections. It has been a few lucrative years for cybercriminals as the worldwide economic impact of cybercrime was at least USD 45 billion in 2018 according to Panda, and expected to result in much higher numbers by the end of 2019.
In the case of Georgia, not only the web service providers needed to focus on preventing but also the subscribers must have been aware of the security measures, and that it all begins with the most active and useful defense method, WAF. As new mechanisms and attack vectors are constantly invented and old ones are upgraded, therefore the application of WAF is the best-recommended protection to implement to prevent cybercrimes.
What Can Be Done Better?
In addition to website defacement like how the country of Georgia underwent, there are 6 main security threats we can look into and a combination of attacks listed below are used to cause more damage, according to threat risk rating based OWASP methodology.
- Injection (not limited to just SQL injection)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Broken Authentication and Session management
- Security Misconfiguration
- Sensitive Data Exposure
In order to find the perfect protection solution to your organization, you must look into 4 key considerations whilst selecting a WAF. The ultimate WAF must have: high-end security, stable and high performance, must be easy to install and configure, and last but not least, must work in various environments. Also, as the virtual environment evolves and expands, the threats against web applications continue to proliferate and grow even stronger.
WAPPLES, an award-winning WAF recognized by Frost & Sullivan, accurately detects and prevents web attacks and cybercrimes. It decreases administrative costs and increases efficiency and security using intelligent threat engine, proven solutions, and user-intuitive GUI that enables web application management to be performed by a small team.
How Can I Implement Penta Security’s Web Application Firewall in My Country?
WAPPLES is also well-known for being capable of combating the newest cyber threats, including attacks often utilized in Advanced Persistent Threats (APT) launched by malicious agents to obtain data assets of governments and enterprises for terrorism or political gains. By joining forces with the CIS countries including Ukraine, Kazahkstan, Uzbekistan, Georgia, Azerbaijan, Tajikistan, and Turkmenistan, Penta Security’s WAPPLES is currently available through regional partners. For further inquiries, please contact Illia Golovatskyi via ilg@muk.ua or penta@muk.ua and find out more about Penta Security’s WAPPLES here.