Google / Uncategorized

Every second company website is at risk!

Every second company website is at risk!

Digitalisation with certainty a miss – every second company website is at risk! The eco – Association of the Internet Industry reports that about half of the websites in German corporate websites are badly configured. A resulting potential security risk is accepted by the companies. Data theft, defacement and missing customers are dangers that threaten a company if serious security gaps threaten its own infrastructure.

SIWECO scans websites and gives recommendations for action

According to its own information, around 1,406 websites were scanned. An alarming 39% of the sample still do not use encryption 1 1/2 years after the introduction of the DSGVO. Before the lack of confidentiality, users inside have already been notified in numerous browsers. Subtle hints such as “not secure” draw the surfer’s attention to a problem.

However, there are also ways of overriding the existing encryption on many websites. For example, about 8% of websites are vulnerable to the “POODLE” vulnerability. Another 5.6% can be attacked with a “Padding Oracle”. Vulnerabilities that should no longer appear in the broad masses.

Lack of update readiness – every second company website is vulnerable!

A quarter of the websites checked reveal the version of the content management system used. A third of this sample should update as quickly as possible – to close the known and above all critical security gaps. Who is affected and to what extent can be checked by the SIWECOS scanner free of charge. SIWECOS is an acronym for “Secure websites and content management systems”.

The project started in autumn 2016 and is a helpful tool for companies that do not have their own IT security competence but want to know what to do. SIWECOS does not replace a penetration test. In the latter case interfaces and web applications are also examined to a larger and deeper extent. However, for those who operate a website as a GALABAU company, the scanner provided by eco is sufficient in the first step.

SIWECOS is supported, developed by experts and offered free of charge!

The joint project is supported by the eco – Association of the Internet Industry, as well as by the Ruhr-Universität Bochum. Furthermore, CMS Garden e.V. is also involved. The IT-Security Startup Hackmanit also makes a contribution. The project is sponsored by the Federal Ministry of Economics and Energy (BMWi). The goal to increase the SME website security in the long run includes the fact to know where the weak points are lurking. The project, the association and the companies involved are therefore on the right track – but the companies concerned now also have a lot of work ahead of them.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.