• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Website security risks: Stats and solutions [infographic]

January 24, 2017 by Secure360 and UMSA

According to a new study of the top 1 million domains, 46% are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months. Here is a quick breakdown:

infographic with website security stats 2016

Copyright: Secure360

Which sites are the most vulnerable?

News and media sites were most likely to be risky, at 50%, followed by entertainment sites at 49%, and travel sites at 42%. Business sites (41%) and shopping sites (40%) followed very closely behind.

What are the top risk factors?

Of the 1 million sites, 355,804 were either running vulnerable software or accessing background domains running vulnerable software; 166,853 fell into known-bad categories, while 31,938 experienced a recent security incident.

The largest source of risk was vulnerable software. About 36% of all websites were either running vulnerable software, or getting content from other locations running vulnerable software.

The next biggest risk factor was if a website was known to be malicious, or pulled content from a malicious domain. About 17% of the top million Alexa websites fell into this category.

Finally, 3% of sites had experienced a recent security incident.

What can website owners do?

  • Patch Vulnerable Software and run the latest versions that have mitigated known CVEs.
  • Sub-Resource Integrity (SRI), to ensure only known, trusted resource files (typically JavaScript, CSS) are loaded from third-party servers (typically CDNs).
  • Mixed Content, to clarify the intended browser’s policy on pages loaded over HTTPS and linking content over plaintext HTTP.
  • Upgrade Insecure Requests, hinting browsers on how to handle legacy links on pages migrated to HTTPS.
  • Credential Management, a unified JavaScript API to access user’s credentials to facilitate complex login schemes.

Filed Under: Business Continuity Management, Cybersecurity

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Marketing Envy
    Marketing Envy: [New Blog] 2020 saw in-person conferences evaporate, but with vaccines rolling out, 2021 could be different. H… https://t.co/4YONwZNsDa
    about 6 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.