Cyber Attacks – More than 30% of the top websites are at risk

James Chiodo, Certified Information Privacy Professional CIPP/US

Cyber attackMenlo Security published a report in March 2015 that reveals vulnerabilities in over one-third of the top 1 million websites. Why are these sites at risk? What types of sites are the most dangerous? What can you do to protect yourself and your business? The results of this study will surprise you.

The Results of the Research

34 percent of the sites researched were considered vulnerable. Either the domain was already compromised or there was something about it that puts them at particular risk for a cyber attack. More than one in five sites surveyed was running software that opened the site up to danger. Six percent of sites were already spreading malware, spam, and phishing software.

One out of ten sites was made vulnerable by using an older version of PHP. Eight percent can trace their vulnerability to their web server software. Popular VCMs (virtual content management systems) such as WordPress and Drupal rounded out the list.

What Type of Sites Have the Least Trustworthy Content?

If you surf the web, you are used to being told to stay away from shady sites that allow things such as pirating, or that pornographic sites are responsible for most malware. In reality, the dark side of the Internet seems to run right on the average, with about one in three websites being vulnerable or already compromised.

Surprisingly, the highest rate of compromised sites is found in the field of education. Personal sites are actually revealed to be the safest sites on the web. Computer and technology sites also show a surprisingly high risk factor (despite the fact that they, of all websites, should know better and keep their software up to date).

The Implications for Your Business

1. Control What Your Employees Do Online

If your employees are visiting infected websites, your company’s entire internal network is at risk. Blocking pornographic and other explicit sites is a start, but the study clearly showed that these are not the only sites that pose a legitimate threat to your organization. Thus, while still important, filtering the websites that your employees can go to is only half the battle.

Real-time scanning of individual computers and the network as a whole may seem like an inconvenience, but the scope of the threat makes it a necessary one. The best way to stop malware from spreading is to spot it immediately, and quarantine it until it can be eliminated thoroughly.

Also, your employees need to be trained to be aware of security risks. This will limit the company’s exposure to danger. Combine this with a plan for how to respond if your company’s network is hacked in some way.

2. Guard Your Company’s Website

What does this involve? Consider the things that are leaving other sites vulnerable. Just ensuring that any website software the business use is always up to date will alleviate much of the problem. A well-trained technical staff will keep in touch with web software providers and promptly load any updates or patches that become available.

Anyone with a web browser (and a little knowledge) can check to see if your website’s infrastructure is vulnerable. Most hackers are opportunists and will go after the easiest target. Old versions of web software with known vulnerabilities make a hacker’s job almost too easy.

If it is discovered that your website has already been compromised in some way, the business needs a plan of action. Brand reputation is at stake, and the biggest mistakes that companies make include not being transparent with clients when information has been lost as well as not responding quickly enough. Having a game plan ahead of time (because, let’s face it, any business can be hacked at any time regardless of precautions) is the best way to keep ahead of a PR disaster.

The Lesson for Big Companies

Don’t believe that you are invulnerable simply because of the size of your business. Even reputable companies with high-quality websites are open to malware, spam, or unwittingly running botnets. This is something that every company has to think about.

The Lesson for Small Businesses

If you take care of your own website, then it is on you to keep your web software updated. If you hire someone to take care of your site and hosting, be sure they are reputable and will keep everything up to date for you. Ultimately, if something goes wrong, it will come back on your business, not the company that handles the website for you.


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More