It would be common to say that information systems in general, and websites in particular, are constantly exposed to various risks in the areas of information security and cyber security. These risks relate to threats to the integrity of the information in the systems, the availability of information as well as the confidentiality of the information and the prevention of its disclosure from unauthorized parties. However, it seems that while this field is gaining increasing attention not only in large organizations but also medium and small businesses, the SEO cyber domain is neglected. This article will deal with the conduct of large and small organizations in the field of information security, mentioning corporate politics here and there, and will flood the emerging risk that currently seems to be under the radar of quite a few companies in Israel.
The Bank of Israel's Proper Conduct of Banking Directive 361 on "Cyber Security Management" regulates the obligations of a banking corporation on this issue. Among other things, the provision determines how a banking corporation is supposed to conduct a cyber event and, in particular, relates to the identification, analysis, containment, decision and restoration of routine computer systems. In addition, the provision imposes well-defined roles on the boards and management of banking corporations.
why is it important?
Because when a large organization like a banking corporation is preparing for a cyber threat, it does so after careful and detailed planning. It allocates many resources utilized to address various issues. It allocates budgets to that. It subordinates the director of cyber defense directly to a member of management in charge of Information technology.
And why is that important? Because allocating a large organization's resources in the face of cyber threats can teach us something about the market: what the market is focused on, what products are in it, and also what the market is not focused on, and not prepared to handle.
Routine Threats and Information Security Solutions
So, when analyzing the behavior of many organizations in the economy, they realize that they deal with various types of threats: dealing with viruses, worms, trojans, infidels, man-in-the-middle attacks, leakage of information, disruption of information, damage to the physical and logical infrastructure of the organization, and many other sub-issues in the world of information security and cyber security.
Every information security manager at a large organization you meet will tell you how in recent years he has managed to increase the amount of resources available to him, and how his standing in the organization has been strengthened not only by his organizational subordination to the company's IT manager, though also by his right to stop various software component transfers to the production environments, if these software components contain exposures in the field of information security that can cause damage to the organization.
These large organizations use software against malwares such as various antiviruses, firewalls, IPS, IDS, event analysis centers, SIEM systems for identifying and monitoring information security events, information leak prevention systems, information security management, identifying unauthorized device connections, and more. Different products and services whose role is to protect the organization from various threats.
Common to all the threats and solutions presented here, even though they are very partial, is the fact that everyone protects the company's network and assets from outside intrusion. Though what about risks that do not require an attacker to have access to the organization's digital assets? What if an attacker could affect the organic traffic coming to the company's website, reduce it significantly, minimize customer inquiries for services, decrease the organization's revenue from the web channel and everything under the radar, without the organization having tools that could identify this attack, or professionals who knew how to handle it?
The threat of SEO to SMEs
Information security professionals at a large organization, or experts who provide information security services for small businesses, do not specialize in preventing negative SEO. As a result, control teams that monitor events that may affect the security level of the organization do not even realize that they should regularly check the website's link profile. They are unaware of the possibility of generating on the website, through forms, comment engines and other means, worthless and thin content, which can hurm the promotion of the website, or promote specific pages for irrelevant search phrases.
Since the field of information security and cyber security is a hot area with huge budgets invested, more and more information security managers in large organizations are presenting impressive work plans that include dozens of information security professionals, including architects who are able to analyze cyber risks in their information systems and monitor their deficiencies.
However, of the dozens of information security professionals recruiting such organizations, there is not one information security person who devotes his resources to dealing with threats related to the organic promotion of the website (other than Michael the older brother). So, a simple question is asked: will this situation continue in the coming years?