WhiteHat Security: Majority of Websites Are Vulnerable to Data Thieves

The study, by WhiteHat Security, showed that public administration websites had the worst record when it came to patching vulnerabilities, with 64% at risk every day. Retail sites ranked second, with 55% of their sites having at least one serious vulnerability every single day of the year.

WhiteHat Security founder Jeremiah Grossman said: "These are the vulnerabilities that can get you into trouble. They can compromise some or all of your systems, get user data, or take over accounts. About 2% of the vulnerabilities are patchable."
To dig deeper into why those vulnerabilities were not getting fixed, WhiteHat conducted in-depth surveys with 118 customer companies, ranging in size from start-ups to Fortune 50 firms.

The single biggest factor was whether an organisation's remediation efforts were driven by compliance reasons or risk reduction.
Perhaps unsurprisingly, those who focused on compliance had the lowest number of vulnerabilities, at just 12 per website. They also had the highest remediation rate at 86%.

Another key factor was whether vulnerabilities were put into a company's bug tracking system.
"Someone has to transcribe it into the bug traffic system," he said. "But sometimes they'll just throw the report over the fence and just tell the developers to take care of it."

WhiteHat Website Security Report: http://ow.ly/OFrgF
DataIQ: http://bit.ly/1BqsF7j

 
