Sobering MELANI annual report: Due to neglected updates and patches, over 70% of Swiss websites have security vulnerabilities. However, these can generally be avoided in an affordable way with a web application firewall .
Hardly anyone would think of getting on a motorcycle without a helmet. Although website safety measures are not mandatory, unlike helmets, omitting them can have serious consequences. The fact that the security of websites is generally not at its best is confirmed by the semi-annual report of the Reporting and Analysis Center for Information Assurance MELANI (2015/1), which has made the topic a priority:
One of the main drivers of the strong growth in active websites are the increasingly popular content management systems (CMS). However, non-updated CMS pages are popular and easy targets for attacks such as phishing or drive-by infections. Regular updates and patches are therefore absolutely essential. Unlike most operating systems, these are not automated for CMS. In other words, operators have to do this themselves, i.e. manually. And this is something that is very often neglected – sometimes for years. The result: over 70% (!) of Swiss websites have security vulnerabilities. This is particularly risky for SMEs, as customer data is also stored in many CMSs.
MELANI makes appropriate recommendations on this issue. These include the obvious, namely prompt patch management, as well as two-factor authentication. But regardless of the degree of patch and update discipline, there is another elegant, upstream solution that is not only easy to scale but also affordable: the Web Application Firewall (WAF).
So if you want to avoid a “risky ride” on the Internet, i.e. web applications without the protection required today, you should rely on the USP Secure Entry Server® as a WAF. With its solution, United Security Providers offers the highest standard of a web application firewall. It effectively protects all content management systems. In addition, the USP Secure Entry Server® makes it easyto introduce two-factor authentication.