WhiteHat Security: Majority of Websites Are Vulnerable to Data Thieves


The study, by WhiteHat Security, showed that public administration websites had the worst record when it came to patching up vulnerabilities, with 64% at risk every day. Retail sites ranked second, with 55% of their sites having at least one serious vulnerability every single day of the year.

WhiteHat Security founder Jeremiah Grossman said: "These are the vulnerabilities that can get you into trouble. They can compromise some or all of your systems, get user data, or take over accounts. About 2% of the vulnerabilities are patchable."
To dig deeper into why those vulnerabilities were not getting fixed, WhiteHat conducted in-depth surveys with 118 customer companies, ranging in size from start-ups to Fortune 50 firms.

The single biggest factor was whether an organisation's remediation efforts were driven by compliance reasons or risk reduction.
Perhaps unsurprisingly, those who focused on compliance had the lowest number of vulnerabilities, at just 12 per website. They also had the highest remediation rate at 86%.

Another key factor was whether vulnerabilities were put into a company's bug tracking system.
"Someone has to transcribe it into the bug traffic system," he said. "But sometimes they'll just throw the report over the fence and just tell the developers to take care of it."

WhiteHat Website Security Report: http://ow.ly/OFrgF
DataIQ: http://bit.ly/1BqsF7j

 
