• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Website security risks: Stats and solutions [infographic]

January 24, 2017 by Secure360 and UMSA

According to a new study of the top 1 million domains, 46% are running vulnerable software, are known phishing sites, or have had a security breach in the past twelve months. Here is a quick breakdown:

infographic with website security stats 2016

Copyright: Secure360

Which sites are the most vulnerable?

News and media sites were most likely to be risky, at 50%, followed by entertainment sites at 49%, and travel sites at 42%. Business sites (41%) and shopping sites (40%) followed very closely behind.

What are the top risk factors?

Of the 1 million sites, 355,804 were either running vulnerable software or accessing background domains running vulnerable software; 166,853 fell into known-bad categories, while 31,938 experienced a recent security incident.

The largest source of risk was vulnerable software. About 36% of all websites were either running vulnerable software, or getting content from other locations running vulnerable software.

The next biggest risk factor was if a website was known to be malicious, or pulled content from a malicious domain. About 17% of the top million Alexa websites fell into this category.

Finally, 3% of sites had experienced a recent security incident.

What can website owners do?

  • Patch Vulnerable Software and run the latest versions that have mitigated known CVEs.
  • Sub-Resource Integrity (SRI), to ensure only known, trusted resource files (typically JavaScript, CSS) are loaded from third-party servers (typically CDNs).
  • Mixed Content, to clarify the intended browser’s policy on pages loaded over HTTPS and linking content over plaintext HTTP.
  • Upgrade Insecure Requests, hinting browsers on how to handle legacy links on pages migrated to HTTPS.
  • Credential Management, a unified JavaScript API to access user’s credentials to facilitate complex login schemes.

Filed Under: Business Continuity Management, Cybersecurity

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: New post alert! Learn more about our awesome 2022 @UMSAOrg #scholarship winners https://t.co/C8VnqX3wWW
    about 19 hours ago

  2. Secure360 Conference
    Secure360 Conference: With so much fun had this year, we're eager for next year! Mark your calendars for May 9-10, 2023 back at Mystic La… https://t.co/Cbk0abnNSO
    about 1 day ago

  3. Secure360 Conference
    Secure360 Conference: With #Sec360 2022 officially in the books, we wanted to share a little recap of the fun! https://t.co/iMPwAp1Kac … https://t.co/kk7xRUXoRo
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.