July 26, 2016
Would Your Company Fail A Web Security Test?
How solid is your firm’s web security? According to recent findings by the penetration expert Ilia Kolochenko, probably not very good. Kolochenko should know. He is the CEO of High-Tech Bridge, and he and his research team have just finished an extensive review of business internet vulnerabilities. The results aren’t pretty. The two biggest highlights of the research team’s findings are as follows:
Nearly a quarter (23%) of all websites are still using SSL version 3. That’s problematic because SSL v3 has been deprecated, given that SSL v3 fallbacks were directly to blame for such exploits as BEAST and POODLE.
Nearly 80% of all webservers have missing, insecure, or incomplete HTTP headers. This leaves any web apps running on those servers at greater risk of being exploited.
Kolochenko went on to explain that a vast number of companies tend to grossly underestimate the number of digital assets they have in play. This causes them to completely miss entire segments of their infrastructure, ranging from old web servers, to seldom used backup machines, and the like. All of these are potential weak spots for a company. All of them represent chinks in your firm’s virtual armor, and any one of them can be easily exploited by a determined hacker.
It only takes one point of weakness for a hacker to breach your system and gain access to your entire network. Once inside, there’s really no limit to the amount of damage that could be caused.
Keeping paced with the ever-changing world of digital security can be a daunting task. If you’re feeling overwhelmed by it and need help getting a handle on your digital security, contact us today, and one of our knowledgeable team members will assess your current security, and make recommendations for improving it and making it more robust.