With many reports stating that cyber attacks and malware are getting more sophisticated all the time, it’s important you do everything you can to keep your networks secure from attack. But one area where many firms could be letting themselves down is their web servers. A new survey suggests that web servers are often overlooked when developing a protection policy, which gives hackers opportunities to get into businesses’ systems and do serious damage.
According to the research, which was conducted by KPMG, 15% of enterprises listed on the Forbes 2000 have insecure corporate websites because of outdated server management software or missing security patches. The two most commonly used platforms deployed by these firms are products from Apache and Microsoft, which are installed on 30% and 26% of web servers respectively. But the study found 8% of Apache solutions and 6% of Microsoft-based servers are potentially vulnerable because they’re not up to date.
This is a serious issue, as KPMG stated that any unpatched web server is in danger of falling victim to remote attacks. The results of these could range from websites being knocked offline by Distributed Denial of Service assaults to hackers gaining complete control of a web server and all its content. If you think your web server might be at risk because of this, you need to act quickly to close any security gaps and install the latest updates. Firms in the utilities, telecommunications and financial sectors were found to be most at risk, so these companies in particular might need to assess their web server solutions.
But this isn’t the only thing you need to do to make sure your website is secure. The study also found a large number of Forbes 2000 firms have inadvertently left sensitive data publicly accessible online, which could provide the means for a hacker to breach their defences. The most common cause is temporary files containing test data about a site being left up, but the study also found that private data folders containing backups of company information and .txt files with system configuration details were accessible.