Tuesday, June 14, 2022
A third of corporate, public-facing websites have at least one critical vulnerability

We have been working with marine and financial services businesses to help them manage their risks for several years.

As part of this work, we have reviewed many corporate public-facing websites.

Collectively the picture is not reassuring. While we would expect there to be some basic and relatively harmless errors on websites, we did not expect to find that 1 in 3 websites had at least one critical vulnerability and 2 in 3 had at least one known moderate vulnerability.

While many companies outsource the hosting and operations of their websites to third parties, this is not a guarantee that your website is well protected or well managed; often protection and management are not included in standard service level agreements.

If you operate your own website, you need to be sure that it is kept well segregated from internal servers so that bad actors cannot use it as an ingress for malware into your business.

You need to be confident that your external-facing websites are secure, well configured and competently managed, and that the tools they use are kept up to date.

Whoever runs their website for them, companies need assurance that their public web presence is not a vector for attacks on them, or on innocent people browsing their sites.

Why this is important:

  • Your website is the image of your business that you project to the outside world
  • Your reputation and credibility are affected not only if the content of your website is not accurate and well presented, but also if your website is unavailable or, worse, has been taken over by criminals

We know that websites are not as secure as they should be: too many websites are deployed with serious vulnerabilities, making them susceptible to attack; others use outdated and therefore vulnerable tools; and some lack basic security features.

So, in reviewing your website, ask yourselves:

  • Do you know for a fact that your website is secure?
  • If you outsource your web hosting, are you confident that your suppliers are protecting your brand appropriately?
  • Do you have appropriate SLAs with your suppliers to keep your website secure?
  • Are you concerned that an actual or potential customer or supplier risks becoming a victim of attack because your website is insecure?

We can help you understand the state of your website and reduce the risk that your main external window becomes a trap for the unwary.

  • William Egerton
    Chief Cyber Officer