SiteLock is proud to share the latest installment of our quarterly security report, The SiteLock Website Security Insider Q3 2017!
Featuring exciting new research, the SiteLock Website Security Insider Q3 2017 reveals that cybercriminals continue to become more ambitious. This confirms what we concluded in Q2 2017: that website owners are more likely than ever to experience a cyberattack.
Other data uncovered that, surprisingly, website owners are unintentionally increasing their own risk of attack. The features they add to their websites, such as plugins or linked social media accounts, can increase their site’s likelihood of compromise, or “attack surface.” Data from Q3 2017 reveals that WordPress websites with 6-10 plugins are approximately 2 times more likely to be compromised than websites without plugins. In the report, we further explore how an expanded attack surface can create opportunities for hackers to exploit vulnerabilities and spread malware.
The SiteLock Website Security Insider Q3 2017 discusses common cybersecurity risks faced by website owners in Q3 2017, and the steps they can take to reduce their attack surface. The report includes the following sections:
Malware – As cybercriminals attack websites more aggressively and create more complex types of malware, new data exposes that attackers are more commonly deploying malware with a self-serving goal in mind. In fact, attacks targeting website visitors were the most common type of malware infections in Q3 2017, accounting for 14.6% of infections. This section explores the common types of malware website owners experienced in Q3 2017, and how it was used to profit off of a website and its visitors.
Search Engine Malware Warnings – Popular search engines remain an unreliable means of finding malware in Q3 2017. Search engines blacklisted even fewer infected websites in Q3 2017 than in Q2 2017, with only 21% of infected websites receiving malware warnings. The reasons why, as well as the dangers of undetected malware infections, are discussed in this section.
Vulnerabilities and Attacks – Some optimistic trends appeared in Q3 2017: the number of vulnerabilities and the pages affected by them decreased. However, it isn’t all good news: the number of attempted attacks increased quarter over quarter by 16%. This illustrates that while cybercriminals found fewer vulnerabilities to target, they were actually more ambitious in their attempts to attack websites.
Content Management Systems – Open-source content management systems (CMS) such as WordPress and Joomla! are well-loved for the plugins that make it easy for any website owner to customize their site. However, websites powered by a CMS carry a higher risk of compromise: data from Q3 2017 indicates that WordPress websites are 1.8 times more likely to be compromised than the average website. As described in this section, security flaws in plugins or the core CMS software continue to serve as easy entry points for attackers. We also discuss why website owners should not solely rely on CMS core updates to secure their site.
Website Risk Score – The SiteLock Website Risk Assessment was developed to help website owners understand how the features on their website can increase their risk of attack. With this information, website owners are more informed about their website’s security, and can take the right steps to proactively secure their site. This section provides an overview of the SiteLock Risk Assessment, how it can calculate a website’s risk score, and recommendations for decreasing the risk of attack.
WordPress Plugins and Social Media – WordPress plugins and social media plugins are among the most common website features used to enhance the user experience. However, the notion that these features can increase a website’s risk of attack is not as common. In this section, you’ll learn why the more plugins a website has, the more at risk of compromise it is. We also discuss important data website owners should consider when linking to social media.
The SiteLock Website Security Insider Q3 2017 also provides practical, easy-to-implement recommendations that all website owners can employ to protect their websites from these sophisticated, but all-too common, cyberattacks.
Click here to download your copy of the The SiteLock Website Security Insider Q3 2017!