uk cybersecurity
- Thread starter matthewbeddoes
- Start date
Having googled him, there are quite a lot of reasons.
I'd build on those reasons as a selling point. Intrusion testing, that kind of thing.
Upvote
0
- Original Poster
- #4
I still have more to do with the website, and need to link it to my linkedin, where all my articles are. I was going to post them on the website, but i can drive social traffic with it on linkedin. Im just focusing on cyber security testing, ive been experimenting with neural networking as im learning it at uni (going for my degree in AI and Robotics) and intend building tools for testing as systems get more advanced.
Upvote
0
- Original Poster
- #5
Our main focus is monthly assessments for £250, which are ideal for wordpress users, as this tests the wordpress plugins and templates for new security issues that may arise.
We also offer a £2500 per year package which includes a full website security also monthly smaller more focused security testing and each client is included in our threat intelligence system, customised to the clients requirements.
Question is, do you think the prices are affordable for simple wordpress based websites ?
We also offer a £2500 per year package which includes a full website security also monthly smaller more focused security testing and each client is included in our threat intelligence system, customised to the clients requirements.
Question is, do you think the prices are affordable for simple wordpress based websites ?
Upvote
0
No, most simple WordPress sites don't have anything important to break. Even if you hack into them, you are unlikely to find anything more interesting than a few form submissions.
If it's a big/busy site then this might be interesting, but not in most cases.
If it's an e-commerce site with payment and stock control tied in then I can see the risk being more relevant.
If it's a big/busy site then this might be interesting, but not in most cases.
If it's an e-commerce site with payment and stock control tied in then I can see the risk being more relevant.
Upvote
0
- Original Poster
- #7
I dissagree there, coming from a whitehat perspective its hard to see the value, however imagine if your rivals was able to take all your leads from your database, or redirect people from your business to them, or even attack devices just through clicking a link to your website, which could datamage both your business and reputation.
You are responsible, if someone clicks on a link to your website and gets infected, thats not a good luck and could also result in legal issues.
In Cyber security it is easy to confuse people with snake-oil like firewalls, anti viruses and insurance but that dont protect the data or your clients.
Remember when someone contacts you via your form, thats what drives your business. If this is messed with then it could potentially damage the reputation of your business or worse.
You are responsible, if someone clicks on a link to your website and gets infected, thats not a good luck and could also result in legal issues.
In Cyber security it is easy to confuse people with snake-oil like firewalls, anti viruses and insurance but that dont protect the data or your clients.
Remember when someone contacts you via your form, thats what drives your business. If this is messed with then it could potentially damage the reputation of your business or worse.
Upvote
0
- Original Poster
- #8
Lets say, YOU have a netgear dgn2000 router, and you follow a malicious link. That link could inject code into your browser, which then bounces back through onto your network and install malware on your router, or worse redirect all of your business traffic.
The Chat built into say a wordpress website, could have a blind XSS attack, which executes admin side, which could result in access to confidential data.
Mobile applications have deep links, which open the mobile app if say bitcoin://bitcoinaddr or worse executes commands. These could be accessed by XSS attacks too.
Dont just think about what bugs directly affect the security of your website, think about the bugs that can directly affect your business. This is how i look at security.
The Chat built into say a wordpress website, could have a blind XSS attack, which executes admin side, which could result in access to confidential data.
Mobile applications have deep links, which open the mobile app if say bitcoin://bitcoinaddr or worse executes commands. These could be accessed by XSS attacks too.
Dont just think about what bugs directly affect the security of your website, think about the bugs that can directly affect your business. This is how i look at security.
Upvote
0
I'd agree with all that, most people don't take website security seriously at all.
But I think it will be a lot harder to tell a £250 per month service to someone who has a simple site and sees simple risks, than a £2,500 per month service to someone who knows that their site is valuable and vulnerable.
But I think it will be a lot harder to tell a £250 per month service to someone who has a simple site and sees simple risks, than a £2,500 per month service to someone who knows that their site is valuable and vulnerable.
Upvote
0
- Original Poster
- #12
i see what you are saying, the aim is to cater to the high end later, at moment im looking around me in the midlands, and i already see alot of businesses with insecure websites, ranging from property websites to ecommerce. Ive contacted them offering security testing, only time will tell if they take it serious.
Upvote
0
Email marketing giant Mailchimp has confirmed a data breach after malicious hackers compromised an internal company tool to gain access to customer accounts.
techcrunch.com
Email marketing giant Mailchimp has confirmed a data breach
Email marketing giant Mailchimp said hackers targeted customers in the cryptocurrency and finance sectors.
techcrunch.com
Upvote
0
Can’t see many small businesses wanting to pay £250/month for you to run a security check on a Wordpress site. They might pay you once but unless there are major changes to the site why would they need a monthly check?
A well built Wordpress site is very unlikely to have many if any vulnerabilities. In umpteen years of running multiple sites I’ve never once been compromised.
A well built Wordpress site is very unlikely to have many if any vulnerabilities. In umpteen years of running multiple sites I’ve never once been compromised.
Upvote
0
- Original Poster
- #17
Wordpress is a very secure platform, however plugins can become out of date, new exploits are found pretty regular. The monthly scans are optional for those who want peace of mind, also if people select monthly, i keep special eyes open for anything that can affect the clients website, Im actually pretty open to ideas of services and payment structures. Its a fresh business so i want to stay pretty flexible.
Upvote
0
Unfortunately a lot of sites aren't well built
Critical vulnerability in popular WordPress plugin exposes millions of sites to hacking - SiliconANGLE
Critical vulnerability in popular WordPress plugin exposes millions of sites to hacking - SiliconANGLE
siliconangle.com
Upvote
0
- Original Poster
- #19
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated).. webapps exploit for PHP platform
few days ago.
# Exploit Title: WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
# Date: 04/16/2022
# Exploit Author: AkuCyberSec (https://github.com/AkuCyberSec)
# Vendor Homepage: https://elementor.com/
# Software Link: https://wordpress.org/plugins/elementor/advanced/ (scroll down to select the version)
# Version: 3.6.0, 3.6.1, 3.62
# Tested on: WordPress 5.9.3 (os-independent since this exploit does NOT provide the payload)
This is what im talking about. A Remote Code Execution or RCE is like an attacker having command prompt access to your website, where they could delete the entire website, steal your leads, infect your users or worse.
btw my website http://www.ukcybersecuritytesting.com yes it looks basic for now, i made it in express and nodejs to add more features later. But its a start..
Upvote
0
#WatchingWithInterest
I'm going to add a +1 to this comment. My organisation pays close the top end above on cyber security, and have engaged whitehat EH's to test our platforms for us with bounties. I wouldn't even look at a service at £250 a month as I'd assume (perhaps incorrectly) that it's nothing more than a vulnerability scanner ran over our software platform. We do that ourselves.
Upvote
0
£250/year might be more attractive. But even then exploits are regularly reported and plugins updated. Sensible owners will keep on top of this. Those who don’t are unlikely to pay you anything.
Offer a Wordpress maintenance service that includes security scans and you might get some traction. But you will spend more time and effort finding clients than you will doing any testing.
Upvote
0
Yes, but as I said a well built site won’t have this problem. Elementor is not an indicator of a well built site. People using Elementor are not your target client.WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated).. webapps exploit for PHP platformwww.exploit-db.com
few days ago.
# Exploit Title: WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
# Date: 04/16/2022
# Exploit Author: AkuCyberSec (https://github.com/AkuCyberSec)
# Vendor Homepage: https://elementor.com/
# Software Link: https://wordpress.org/plugins/elementor/advanced/ (scroll down to select the version)
# Version: 3.6.0, 3.6.1, 3.62
# Tested on: WordPress 5.9.3 (os-independent since this exploit does NOT provide the payload)
This is what im talking about. A Remote Code Execution or RCE is like an attacker having command prompt access to your website, where they could delete the entire website, steal your leads, infect your users or worse.
btw my website http://www.ukcybersecuritytesting.com yes it looks basic for now, i made it in express and nodejs to add more features later. But its a start..
Upvote
0
To be fair I think almost all business owners wouldn’t even know if their website plug-ins could even get out of date. It’s not their area of expertise and once their website is built they’re happy and move onto the next issue in their business to deal with.
Upvote
0
I agree. But these people aren’t going to worry about security either and certainly aren’t going to pay £250/month for someone to tell them their plugins need updating.
Upvote
0
Maybe you need to team up with someone like this: https://www.wordfence.com/
Claiming back off tax is not really an incentive. And you need to be a lot cheaper if you are targeting wordpress users.
Claiming back off tax is not really an incentive. And you need to be a lot cheaper if you are targeting wordpress users.
Upvote
0
I think you need to build a better picture of your potential clients - £3k a year for a business that turns 10's of thousands a year won't happen.
You are probably looking at more medium size businesses or those who have a major online presence.
Upvote
0
True, we could just not pay for any external testing, and when we write the software product that we sell we do code it with security in mind. That said, it’s always good to get a second external opinion to security test the software we write to check we haven’t missed anything.
Upvote
0
Insert meme “Not sure if trolling or being serious” ?
Would you really want to invite a cyber back door into your home network like this?
Upvote
0
I’m really not sure what that’s got to do with Barry who runs his own plumbing business, or Sarah who runs her own electrician business. Why would either of them want to buy a Raspberry Pi and run their own web server and mail server on these devices over their broadband connection?
I really don’t think that’s the best advice for them. I also feel it adds a security vulnerability to their home network, especially given they will have no idea how to even setup a mail server or web server and secure it correctly.
What you can do personally isn’t really relevant, but of course as you have the capability and means to do so for yourself that’s great. I’d wouldn’t recommend it myself to someone who doesn’t have the skills to manage a server though.
I really don’t think that’s the best advice for them. I also feel it adds a security vulnerability to their home network, especially given they will have no idea how to even setup a mail server or web server and secure it correctly.
What you can do personally isn’t really relevant, but of course as you have the capability and means to do so for yourself that’s great. I’d wouldn’t recommend it myself to someone who doesn’t have the skills to manage a server though.
Upvote
0
- Original Poster
- #36
I like the response from before, educating people to do it themselves. Ive been on both sides of cyber security spectrum, from black hat hacker which you can google about to ethical hacking side of things.
Apathy is the biggest issue, so im looking at starting some videos, and real time events whether over coffee at local cafe or online to counter apathy and get people talking.
Adverts and websites, are nothing compared to actually talking to people.
Apathy is the biggest issue, so im looking at starting some videos, and real time events whether over coffee at local cafe or online to counter apathy and get people talking.
Adverts and websites, are nothing compared to actually talking to people.
Upvote
0
Then I'm afraid you have misread the thread. It is actually a thread someone asking for some business advice on running a business to support others with cyber security services.
No you mentioned it once, but never mind because I've donated £1,000 to Track myself, a voluntary organisation that supports autistic people into work.
We're going to have to disagree and move on. I never said I could personally hack a Raspberry Pi and I also disagree with your opinion on cyber security.
Upvote
0
There a plenty of companies out there with proven track records such as checkpoint
All in I can only assume you are trolling here wit your Pi gangster solutions and recommending open up ports on business firewalls which the average Joe business should never go near regardless of guides on the internet to build his open source email server.
I get where you come from but your PI solutions and math is way off to make it a viable option to compete with the likes of let's say exchange online for £36 / year. Even on the cheapest option your PI is only designed for 12 months warranty so needs to be replaced every year, throw in backup drives and some other goodies and many hours of setup you looking closer to £1000 to actual run and setup a server like that excluding maintenance and patching. £36 a year gives you 50gig shared mailboxes and a whole army of security experts working to protect your data.
Not sure how Linux will protect anybody from online scams via fishing websites.
Here again false economy. There is no open source tool avaiaible to actually wipe in bulk and specially wipe modern nand flash tech so again you showing half assed knowledge and make it worst.
All in I can only assume you got a bad and trolling us here tonight.
Upvote
0
It's an interesting thread
As the target market is simple wordpress sites, then the scope is going to be the smaller companies such as one man bands, partnerships, family businesses and larger ones like engineering workshops etc
For this, £250 per month is probably going to take some justifying - problem is, and this is something you'll no doubt have seen, cybersecurity only really seems to become an issue after it has become an issue and I suspect you'll hit this barrier particularly with smaller and likely more cash strapped businesses.
Things like compliance become a consideration with larger, more formally operated and regulated companies and so there's some baked in value to having good security and being able to demonstrate it even if you didn't have any specific concerns about cybercrime, but for a business that just wants to do some work and make some money in a crazy economy that probably doesn't have a lot to throw at anything or even have much cybersecurity awareness it might be hard to demonstrate the value of this outlay. I am not saying the value isn't there, just that it's going to be hard to communicate.
That said, I said it's an interesting thread because tis is an area that actually is really relevant, especially as things such as data breaches are being taken increasingly seriously by both consumers and regulators I do think even smaller businesses are going to have to give thought to it.
As the target market is simple wordpress sites, then the scope is going to be the smaller companies such as one man bands, partnerships, family businesses and larger ones like engineering workshops etc
For this, £250 per month is probably going to take some justifying - problem is, and this is something you'll no doubt have seen, cybersecurity only really seems to become an issue after it has become an issue and I suspect you'll hit this barrier particularly with smaller and likely more cash strapped businesses.
Things like compliance become a consideration with larger, more formally operated and regulated companies and so there's some baked in value to having good security and being able to demonstrate it even if you didn't have any specific concerns about cybercrime, but for a business that just wants to do some work and make some money in a crazy economy that probably doesn't have a lot to throw at anything or even have much cybersecurity awareness it might be hard to demonstrate the value of this outlay. I am not saying the value isn't there, just that it's going to be hard to communicate.
That said, I said it's an interesting thread because tis is an area that actually is really relevant, especially as things such as data breaches are being taken increasingly seriously by both consumers and regulators I do think even smaller businesses are going to have to give thought to it.
Upvote
0
Latest Articles
-
The Most Dangerous Moment in Business Is When Everything Is Going WellThey Saw It Coming. They Did Nothing. The Lessons Every Business Owner...
- Ozzy
- Updated:
-
AI and Your Business: Useful Tool, Not a Magic WandThere is no shortage of noise around artificial intelligence right now...
- Ozzy
- Updated:
-
Companies House WebFiling security incident: what happened, what to check, and what to do nextCompanies House has confirmed that its WebFiling service suffered a...
- Ozzy
- Updated:
-
Spring Budget 2026: A Quiet Update for UK BusinessesChancellor Rachel Reeves delivered the UK’s Spring Statement on 3 March...
- Ozzy
- Updated:
-
Practical Ways to Make Your Small Business More Resilient (Especially When the Unexpected Happens)Running a business means juggling plenty of things you can plan for and...- UKBF Editor
- Updated: