Web Security Review: first half 2014
In 2014, 1.3 million people had their personal data stolen! Did you know that? In this first half of the year, 1 in 5 Internet users has already been the victim of personal information theft… HTTPCS is there to make you react.
Web security review in the first half of 2014
Graphic below in French translated into English:
More and more connected objects: more than 12 billion of them, which also means more web services, or 1 billion searchable web applications.
This logically creates more security flaws
Some attacks in 2014
Orange: 1.3 million people’s personal data stolen
eBay: data leak affecting the platform's 145 million users, and other non-financial data
Domino's Pizza: financial blackmail by hackers, under threat of disclosing the data of 650,000 customers
The security criteria of a website
Confidentiality, integrity and availability are the three main security criteria of a site.
72% of websites are vulnerable*
- 20% have critical vulnerabilities
- 40% have a backdoor
- 72% of sites are vulnerable
- 15% are victims of data expropriation
- 81% of mobile sites are vulnerable
Antivirus isn’t much use anymore**
The “hack” in detail
- Attackers: white hat and black hat
- Targets: individuals, governments and businesses
- Objectives: money, spying, identity theft and miscellaneous information
- Vulnerabilities: people, software, hardware
- Consequences: loss of data, bad reputation, loss of activity
- Impacts: confidentiality, availability and integrity
Some key figures
- One shopping basket out of two is abandoned, 30% of them due to security problems
- 83% of passwords are never changed
- 33% of passwords are easy to find
- 39% of users use the same password everywhere
- 52% of sites do not encrypt client passwords
- One in five Internet users has already been a victim of theft of personal information
The global cost of cybercrime is €327 billion, including €3.76 billion for identity theft.
Security approach
How to approach securing a website:
- Learn about common vulnerabilities, what they cause and how to deal with them
- Detect vulnerabilities on your site
- Fix the lines of code at fault
- And finally, a step that is often forgotten: keep the program up to date by maintaining a technology watch.
*Study conducted on a base of 3,808,042 websites
**Statement by Brian Dye, Senior Vice President at Symantec