Websites of Canadian and American small and medium businesses continue to be vulnerable to spoofing, clickjacking and sniffing, according to a report from a new cybersecurity company offering cloud-based protection for SMBs.
The report from CyberCatch, headquartered in San Diego with an office in Vancouver, B.C., is aimed at trumpeting the capabilities of its CyberXRay tool. It scanned 20,000 randomly selected SMB websites in the U.S. and 1,850 in Canada.
Among Canadian sites it found
- 84.3 per cent were vulnerable to being spoofed, which the report defines as a website, software or web application that didn’t sufficiently verify the origin or authenticity of data and could accept invalid data. This would allow an attacker to send carefully crafted scripts to force the web server to produce information such as usernames, passwords, content of a shopping cart, or in some cases, the entire customer database.;
- 73.3 per cent were vulnerable to clickjacking, which allows an attacker to insert stylesheets, iframes, text boxes or layers in a website;
- and 26.8 per cent were vulnerable to sniffing attacks, which allow an attacker to view the transmission of sensitive data in cleartext because it isn’t encrypted. If a website had simple single-factor authentication with just a user name and password, and was using a deprecated version of Secure Sockets Layer (SSL) or Transport Layer Security (TLS), the
password could be easily detected and discoverable using simple network sniffing, the report says.
Among U.S. sites it found
- 32.7 per cent were vulnerable to being spoofed;
- 27.9 per cent were vulnerable to clickjacking;
- and 10.5 per cent were vulnerable to sniffing.
The report also breaks down vulnerable sites by industry.
“SMBs across U.S. and Canada should scan their websites, software and web applications facing the Internet to make sure there are no vulnerabilities,” the report says. IT security managers should also implement a cybersecurity control to regularly scan all IT assets
for hardware and software vulnerabilities and set a policy to fix the weaknesses within a reasonable time.
“SMBs have limited resources, lack cybersecurity knowledge and the how-to. They rely on their IT provider, but IT is not cybersecurity,” said company founder and CEO Sai Huda. The report “reveals how vulnerable SMBs are to cyberattacks today and this is the reason why CyberCatch was founded. Our mission is to protect SMBs by focusing on the root cause for data breaches and ransomware: security holes.”
The company, whose advisory board includes former RCMP assistant commissioner Kevin Hackett and former U.S. Secretary of Homeland Security Tom Ridge, offers a software-as-a service network monitoring and cybersecurity controls testing service that starts at US$250 a month for firms with up to 50 employees, rising to US$1,000 a month for up to 499 employees. There are discounts for paying annually. There’s also a similarly-priced continuous compliance assessment service that gives instant benchmarking, a cyber hygiene score, a system security plan, a security awareness module for employees and a virtual CISO to offer advice.
It also offers a separately-priced cyber incident simulator for table-top exercises for US$95 a year.
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Apple AirPods 4 Wireless Earbuds, Bluetooth Headphones, with Active Noise Cancellation, Adaptive Audio,…
$169.00 (as of September 27, 2024 18:34 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Sweet Water Decor Christmas Candle | Christmas Tree, Apple Cider, and Cinnamon, Winter Holiday Scented Soy Candles…
$15.99 (as of September 28, 2024 18:35 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Amazon Basics Dog and Puppy Pee Pads with 5-Layer Leak-Proof Design and Quick-Dry Surface for Potty Training,…
$17.99 (as of September 28, 2024 18:35 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Crocs Unisex-Adult Classic Clogs
$38.00 (as of September 27, 2024 18:31 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
