Every second company website is at risk!

M.Sc. Chris Wojzechowski


Digitalisation with security is nowhere to be seen: every second company website is at risk! The eco – Association of the Internet Industry reports that about half of German corporate websites are badly configured. The companies accept the resulting potential security risk. Data theft, defacement and lost customers are the dangers a company faces when serious security gaps affect its own infrastructure.

SIWECOS scans websites and gives recommendations for action

According to its own information, around 1,406 websites were scanned. An alarming 39% of the sample still do not use encryption one and a half years after the introduction of the GDPR. Numerous browsers already warn users about the lack of confidentiality: subtle hints such as “not secure” draw the surfer’s attention to the problem.

However, on many websites the existing encryption can also be undermined. For example, about 8% of websites are vulnerable to “POODLE”. Another 5.6% can be attacked with a “padding oracle”. These are vulnerabilities that should no longer be found on such a wide scale.

Lack of willingness to update: every second company website is vulnerable!

A quarter of the websites checked reveal the version of the content management system they use. A third of this sample should update as quickly as possible to close the known and, above all, critical security gaps. Who is affected, and to what extent, can be checked free of charge with the SIWECOS scanner. SIWECOS is an acronym for “Secure websites and content management systems”.

The project started in autumn 2016 and is a helpful tool for companies that do not have their own IT security competence but want to know what to do. SIWECOS does not replace a penetration test, which also examines interfaces and web applications more broadly and in greater depth. However, for those who operate a website as, say, a gardening and landscaping (GaLaBau) company, the scanner provided by eco is sufficient as a first step.

SIWECOS is supported, developed by experts and offered free of charge!

The joint project is supported by the eco – Association of the Internet Industry, as well as by the Ruhr-Universität Bochum. CMS Garden e.V. is also involved, and the IT security startup Hackmanit contributes as well. The project is sponsored by the Federal Ministry of Economics and Energy (BMWi). The goal of increasing SME website security in the long run includes knowing where the weak points are lurking. The project, the association and the companies involved are therefore on the right track, but the companies concerned now also have a lot of work ahead of them.


My name is Chris Wojzechowski and I studied for my Master's in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager and IT-Grundschutz practitioner (TÜV), and I possess the test procedure competence for § 8a BSIG. Our bread-and-butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.