When a company's website is breached, Google places it on a blacklist containing all sites considered dangerous for Internet users.
As the saying goes, “adding insult to injury”: not only is the website damaged, but precisely because of this it is placed on the Google blacklist, becoming inaccessible to users. Consequence: the company's image and profits are severely penalized.
Google constantly scans about 60 trillion URLs, as well as searches, ads and suspicious addresses typed into browsers, looking for malware and possible phishing attempts. It is estimated that 10,000 websites are “quarantined” every day. Even if companies may consider themselves not responsible for what happened and would not want to be penalized, Google must also consider the safety of its users. In fact, a hacked and infected site can become a source of danger for those who browse it.
Google spokesperson Jason Freidenfelds emphasizes this important point: “About one billion people receive protection against phishing and malware every day, thanks to the warnings we show them on unsafe websites.”
In reality, the “insult” that attacked business owners are forced to endure is an excellent way to protect web users, the first Internet users to be safeguarded. Unfortunately this causes a significant drop in traffic to the victim site, and therefore in company profits. Avoiding this means investing in IT security, abandoning the illusion that one's business is immune from being breached.
An example comes from the story of Eric Erickson, a merchant of organic products for certain illnesses. His site was attacked in 2009, and his business was paralyzed. Only after 60 days did his site come back online, after he had lost several thousand dollars in profits.
In March his company was attacked again, but he was prepared: he had invested in the security of his IT systems and the attack was immediately thwarted. The blacklist, of course, did not see his name.
Once on the blacklist, Google will allow the site to be unlocked only after the threat has been removed and the site has been made safe for users.
This involves several steps: identifying the malware and how to remove it, determining where the attack originated, changing the password and finally relaunching the clean website.
As they say in medicine, prevention is better than cure, so it is wise not to be “savers” on IT system security and to invest to protect the image and profits of one's business.
There are companies specialized in IT system protection that can help you assess their risks and vulnerabilities. In Italy there is EasyAudit, the professional IT security service for your portals, reserved areas, websites or applications.
Choosing EasyAudit means relying on sector experts and offering a guarantee to your customers, thanks to the EasyAudit Checked trustmark.
Want to know how exposed your website is?
EasyAudit WEB checks websites, portals and e-commerce with a professional external audit designed for SMEs.