WhiteHat Security: Majority of Websites Are Vulnerable to Data Thieves


The study, by WhiteHat Security, showed that public administration websites had the worst record when it came to patching up vulnerabilities, with 64% at risk every day. Retail sites ranked second, with 55% of their sites having at least one serious vulnerability every single day of the year.

WhiteHat Security founder Jeremiah Grossman said: "These are the vulnerabilities that can get you into trouble. They can compromise some or all of your systems, get user data, or take over accounts. About 2% of the vulnerabilities are patchable."
To dig deeper into why those vulnerabilities were not getting fixed, WhiteHat conducted in-depth surveys with 118 customer companies, ranging in size from start-ups to Fortune 50 firms.

The single biggest factor was whether an organisation's remediation efforts were driven by compliance reasons or risk reduction.
Perhaps unsurprisingly, those who focused on compliance had the lowest number of vulnerabilities, at just 12 per website. They also had the highest remediation rate at 86%.

Another key factor was whether vulnerabilities were put into a company's bug tracking system.
"Someone has to transcribe it into the bug traffic system," he said. "But sometimes they'll just throw the report over the fence and just tell the developers to take care of it."

WhiteHat Website Security Report: http://ow.ly/OFrgF
DataIQ: http://bit.ly/1BqsF7j

 
