WhiteHat Security: Majority of Websites Are Vulnerable to Data Thieves


The study, by WhiteHat Security, showed that public administration websites had the worst record when it came to patching vulnerabilities, with 64% at risk every day. Retail sites ranked second, with 55% of their sites having at least one serious vulnerability every single day of the year.

WhiteHat Security founder Jeremiah Grossman said: "These are the vulnerabilities that can get you into trouble. They can compromise some or all of your systems, get user data, or take over accounts. About 2% of the vulnerabilities are patchable."
To dig deeper into why those vulnerabilities were not getting fixed, WhiteHat conducted in-depth surveys with 118 customer companies, ranging in size from start-ups to Fortune 50 firms.

The single biggest factor was whether an organisation's remediation efforts were driven by compliance reasons or risk reduction.
Perhaps unsurprisingly, those who focused on compliance had the lowest number of vulnerabilities, at just 12 per website. They also had the highest remediation rate at 86%.

Another key factor was whether vulnerabilities were put into a company's bug tracking system.
"Someone has to transcribe it into the bug traffic system," he said. "But sometimes they'll just throw the report over the fence and just tell the developers to take care of it."

WhiteHat Website Security Report: http://ow.ly/OFrgF
DataIQ: http://bit.ly/1BqsF7j

 
