Nearly a quarter of IT managers don’t know how secure their website is.
2011’s security breach at Sony’s PlayStation Network, thought to be the largest data security leakage ever, was so damaging its effects are still being felt today. After an infection of 10 of its servers, over 75 million global customer account details were stolen. Questions were raised in parliaments worldwide, lawsuits were launched and user access to games was blocked for over a month.
This was a very significant and public security failing and resultant loss of trust, but according to the results of a new survey, similar vulnerabilities could exist right across the web. The problem is that most companies just don’t know.
In Symantec Website Solution’s vulnerability gap white paper we surveyed 200 IT professionals in all sizes of business across four European territories to find out how much they know about their exposure to threats and what they are doing to improve that knowledge. Nearly a quarter admit they don’t know how secure their websites are, yet more than half of respondents admitted they have never carried out a website vulnerability assessment.
While respondents generally ranked the likelihood of their websites suffering from specific vulnerabilities as low, Symantec’s own experience from carrying out its free vulnerability assessments is that more than 25% have critical vulnerabilities.
Malware infection, one of the biggest emerging security threats, often comes as a direct result of website vulnerabilities. According to Symantec’s most recent Internet Security Threat Report, 403 million unique types of malware were discovered in 2011, making it clear that if a website has a vulnerability it will be exploited. Vulnerability assessments, which come free with Symantec Extended Validation and Pro SSL certificates, can fill the information vacuum – not only pointing to where vulnerabilities exist but also to the corrective action that is required to fix them.