I recently attended an interesting talk at the RSA Europe Security conference on the subject of Google-Hacking and Google-Shielding, given by Amichai Shulman, CTO of Imperva. Shulman is a really smart guy and understands how hackers will exploit search engines.
Shulman noted that one of the most prominent threats to online applications is the unintentional leakage of sensitive data via Google and other search engines. Shulman gave numerous examples of various automated tools that make the exploitation of this issue even easier for malicious individuals. One truly devastating attack is what he calls The Search of Death, which is a type of mega-worm that crawls its way to vulnerable websites using search engines.
But the underlying issue is that in the rush to get their site optimized for search, far too many organizations have forgotten about security. Are your internal SEO experts and consultants advising you on the myriad risks with Google? Are you aware how much of your data is leaking out and available on Google and other search engines?
If you haven't answered a strong yes to both of these questions, then your site is a strong candidate for Google exploitation. While the O in SEO is optimization, that optimization must include security. If you don't know where your confidential data resides and how it is being used, then you likely don't know how to prevent its loss. That sets up a perfect storm for data loss when dealing with SEO, as your SEO people likely don't even have security on their minds.
Once a Googlebot and similar agents have finished, and your data has been breached, only an act of God will ever purge your data from the search engines. Security must be an integral part of your SEO strategy. If not, your data is at risk of loss and exposure. In my book, that is not optimization.
Ben Rothke is a security consultant and author of Computer Security: 20 Things Every Employee Should Know.