
Risk Free News

Vulnerability and security of financial websites

A recent report published by Menlo Security found that one out of every three of the top million websites currently on the net is either ‘vulnerable to hacking or already hacked.’ Menlo detected no vulnerabilities on 66% of the sites, but the remaining 34% were classified as "risky":

- 22% were running on vulnerable infrastructure.
- 10% of all sites are running a vulnerable version of the PHP application framework.
- 8% are running vulnerable Web server software, evenly split between Apache and IIS.
- 2% of the sites run vulnerable content management systems, evenly split between WordPress and Drupal.
- Some niche categories had vulnerability rates much higher, up to 80%.

‘Existing security technologies consistently fail to detect and stop infections’ (Menlo). One recent example is the Forbes.com website, which was hacked in late 2014; the compromise lasted a couple of days before control was regained. The hackers were linked to a Chinese cyber espionage group.

In 2014, it was estimated that businesses lost nearly $400 billion as a result of cyber-crime. In many cases, a company’s own employees put the business at risk, often unintentionally, by browsing to a trusted website or clicking on a link in an email that brought them to a compromised site. Simply navigating to a compromised website or opening a document can unleash a whole host of viruses onto a user’s computer. Once one machine is compromised, an attack can quickly spread to other systems both within and outside the company.

There are over one billion websites on the Internet, with more than 100,000 new sites coming online daily. One study reported that over 70% of Web domains exist for just a single day. And as the Forbes.com incident showed, the notion of a “trusted” site is often illusory, because a vulnerable site cannot ever be trusted.

"As one of the leading software as a service (SaaS) providers to the UK’s Lender market, we have to continually add in new security features to our systems, including patches, firewalls, and SSL certificates. Many specialist lenders continue to ignore these simple measures." said Anthony Roy, Technical Director.

"We believe many lenders are putting themselves at unnecessary risk and will not take any action until it is too late (often when they have been hacked and client data is compromised). Most companies only install antivirus software after the event. Lenders must realise that they need to protect client data, not only to protect their reputation and business, but also from a compliance perspective."

Website infrastructure can be compromised at any point. It’s worth noting that information regarding a site’s underlying software infrastructure is routinely returned to any browser that makes a Web request. Attackers need no more than a standard browser to find vulnerable sites to exploit. Hackers are often sophisticated, unchecked and experts in what they do. As a business, do you know the vulnerabilities of your website and systems? What have you put in place to counter these?

A quick guide to checking the vulnerability of your web services:

• Use a reputable ‘online scanner’ to test your website.
• Ensure your server has a good firewall, is locked down and has no open ports.
• Protect the forms on your website from ‘SQL injection’ where these forms can be used to manipulate code on your website.
• Reduce or stop the ability to upload unnecessary documents on your website or ‘executable files’ – block particular file types which run executable code.
• ‘Denial of service attacks’ – disable the ‘ping’ on your website and server.
• Limit the number of connections from a particular IP address.
• Make sure your server is updated with the latest ‘updates’ from your supplier.

Risk Free would be happy to offer advice and guidance to Lenders, who are worried about protecting their systems and client data.
