News & Sports Websites 'vulnerable to attack'

News and sports websites have some of the lowest levels of security adoption, a study has suggested.

A team of cyber-security experts looked at the security protocols used by the top 500 sites in various industries and online sectors. They found that fewer than 10% of news and sports websites used basic security protocols such as HTTPS and TLS. Even those that do are not always using the "latest or strongest protocols", one of the study's authors said.

"As time goes by, all encryption gets weaker because people find ways around it," Prof Alan Woodward, a cyber-security expert at the University of Surrey, told the BBC.

"We tested the University of Surrey's website using a site called Security Headers a couple of weeks ago and it got an A," he explained, "but it's only a C now."

Shopping and Gaming

The research, published in the Journal of Cyber Security Technology, shows that some sectors seem much more security-conscious than others.

The websites of computer and technology companies and financial organisations showed a much higher level of adoption than shopping and gaming sites, for example.

"In the financial sector, almost every one of the sites we looked at had encrypted links", Prof Woodward said, "but even in retail the adoption of the very latest standards is low."

A quarter of the shopping sites studied were using Transport Layer Security (TLS), which offers tools including digital certificates, remote passwords, and a choice of ciphers to encrypt traffic between a website and its visitors. But among news and sport websites fewer than 8% were found to be using the protocol. Among those that did, many failed to make use of some of the strongest tools available, such as HSTS, which automatically pushes users accessing an unsecured version of a website on to the encrypted version instead.
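The HSTS mechanism mentioned above, as an added example that is not part of the original article or the study: a Python check that parses a Strict-Transport-Security response header following RFC 6797 and classifies the policy a browser would end up with. The sample responses and the 180-day MIN_MAX_AGE threshold are constructed assumptions.

```python
import re

MIN_MAX_AGE = 15552000  # assumed policy threshold (180 days); not from the article


def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if malformed (RFC 6797)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (stray ';') are allowed
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form of the value
        if name in directives:
            return None  # a repeated directive invalidates the header
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return directives


def assess(scheme, header):
    """Classify one response as missing/ignored/invalid/disabled/weak/ok."""
    if header is None:
        return "missing"
    if scheme != "https":
        return "ignored"  # browsers discard HSTS received over plain HTTP
    policy = parse_hsts(header)
    if policy is None:
        return "invalid"
    age = int(policy["max-age"])
    if age == 0:
        return "disabled"  # max-age=0 tells the browser to forget the host
    return "ok" if age >= MIN_MAX_AGE else "weak"


# Constructed sample responses (scheme, header value); not data from the study.
SAMPLES = [
    ("https", "max-age=31536000; includeSubDomains; preload"),
    ("https", 'Max-Age="300"'),
    ("http", "max-age=31536000; includeSubDomains"),
    ("https", "max-age=31536000; max-age=0"),
    ("https", None),
]

for scheme, header in SAMPLES:
    print(scheme, repr(header), "->", assess(scheme, header))
```

The "ignored" case is why a site that only sends the header on its plain-HTTP pages gains nothing from it: the first visit still has to reach the HTTPS version before the policy takes effect.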

'Click on the padlock'

"It's like news and sport content providers don't value the security of their content," Prof Woodward said.

"They're leaving themselves vulnerable to attacks like cross-site scripting, where an attacker can pretend something's come from a website when it hasn't."

But Prof Woodward warned against putting too much faith in sites that appear to have the most up-to-date and comprehensive security protocols in place.

"People assume that because they're using TLS they're having a secure conversation, but there's no guarantee about who they're having that secure conversation with," he explained.

"Some of those spoof sites are using more up-to-date security than the genuine sites. You've got to click on that padlock and check who it is you're talking to."

BBC

