One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we’ve written quite alot about customer-specific impacts when they are infected. The ‘results’ run the gambit of 1000’s of dollars of losses over time, loss of SEO rank, customer reputation, etc. However, one part that has been missing is the true impact around the realm of supporting actors in these instances.
For example, if there is a site that is infected with a simple malware redirect. Instead of only looking at the impacts directly to the website owner (which are onerous enough!), we’re starting to look at the impacts to the service providers for that customer.
Its not just the webhoster. Its the affiliates for that site that may lose sales. Its the adnetwork that is presented on that site that receives negative feedback for the ads being present on an infected site. Its the content readers that also receive the infection, or are impacted by the reduction in traffic. Its the direct advertisers that are affiliated with the website, that are now also negatively impacted on either/or image, reputation or traffic perspectives.
So we are undertaking a small series of end-user surveys (specifically those that were impacted) about their total ‘experience’ with the solution. Questions like: Who did you call first? How were you told? Did your SEO rankings take a hit? Was your webhoster helpful? Did you switch hosts/designers/products based on the infection. What other steps have you taken, etc.? Thus far (early in our survey), some interesting facets have already arisen..
Primarily:
1) Clients learned of their defacement primarily through their customers or colleagues. Because they don’t regularly monitor their site, they had no idea that they were infected.
2) Their web host provider was NOT helpful, not beneficial during the resolution process. Surprisingly enough, only a small percentage ’switched’ providers due to this.
3) Google was their main source of information on this issue, but the information was confusing, not really related, and generally was unhelpful overall.
Get the latest content on web security
in your inbox each week.