WhiteHat Security: Majority of Websites Are Vulnerable to Data Thieves

stats_report_2015_lp_bg.gif

The study, by WhiteHat Security, showed that public administration websites had the worst record when it came to patching up vulnerabilites, with 64% at risk every day. Retail sites ranked second, with 55% of their sites having at least one serious vulnerability every single day of the year.

WhiteHat Security founder Jeremiah Grossman said: "These are the vulnerabilities that can get you into trouble. They can compromise some or all of your systems, get user data, or take over accounts. About 2% of the vulnerabilities are patchable."
To dig deeper into why those vulnerabilities were not getting fixed, WhiteHat conducted in-depth surveys with 118 customer companies, ranging in size from start-ups to Fortune 50 firms.

The single biggest factor was whether an organisation's remediation efforts were driven by compliance reasons or risk reduction.
Perhaps unsurpringly, those who focused on compliance had the lowest number of vulnerabilities, at just 12 per website. They also had the highest remediation rate at 86%.

Another key factor was whether vulnerabilities were put into a company's bug tracking system.
"Someone has to transcribe it into the bug traffic system," he said. "But sometimes they'll just throw the report over the fence and just tell the developers to take care of it."

White Hat Wesite Securty Report: http://ow.ly/OFrgF 
DataIQ: http://bit.ly/1BqsF7j

 

« Financial Services Firms Stare into the Abyss as Data Breaches Rocket
A Quick Tour in the Web Black Market »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

MKD-CIRT

MKD-CIRT

MKD-CIRT is the national Computer Incident Response Team for Macedonia.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

Space ISAC

Space ISAC

Space ISAC is the only all-threats security information source for the public and private space sector.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.