Why Your Open Source CMS May Expose You to Critical Security Risks
If you're using an open source CMS, you may be more vulnerable to security risks than you thought. Learn about top security concerns and how you can address them.
Website security has always been a major concern for organizations of all sizes, but too often we make compromises. I remember when, nearly two decades ago, a small-business owner asked us to build a website that would only be online between 9am-5pm because he “couldn’t afford to hire someone to check if it’s up and running 24/7.”
Today, the compromises are different, but organizations who neglect security still face unnecessary costs. Many organizations hire developers to build their websites using open source software, but “save money” by not hiring security experts as part of the project. As a result, many businesses fail at implementing best practices and keeping their websites up to-date or configured for optimal protection.
Is Your Content Management System Secure?
According to a recent report on website security by ZDNet, most website hacks could be related to vulnerabilities in plugins and themes, misconfiguration issues and a lack of maintenance by webmasters, who forgot to update their content management system (CMS). All the top hacked CMSs highlighted by ZDNet were open source options, led by WordPress.
And, unfortunately, it does not end there. Many webmasters rely on e-commerce integrations or platforms that fall short of ensuring adequate protection of business & customer data, due to outdated platform distributions. In the chart below, you can see that the hacked CMSs that were found to be out of date most often were e-commerce platforms.
Symantec also recently shared some disturbing facts about a number of attacks and security breaches that are surging in 2019. Formjacking attacks have shot up, with an average of 4,800 websites compromised each month. According to Symantec, due to a growing embrace of the cloud, more than 70 million records were stolen from poorly configured S3 buckets. Ransomware, once focused on consumers, has seen a 12% increase in infections targeting enterprises. And while supply chains remain attractive for hackers (attacks jumped up 78 percent), the fact that IoT is growing so quickly despite most devices being vulnerable makes them a new key point of entry for targeted attacks.
“By failing to prepare, you are preparing to fail.”
With the number of cyberattacks and security breaches skyrocketing, web application security is more vital than ever for today’s businesses. Many webmasters and website administrators however, seem happy to adopt the ostrich strategy.
Ostriches may not actually bury their heads in the sand, but it remains a helpful analogy when describing those who hide from the reality of the security landscape today. I can think of at least one government agency that might have recently lost millions and millions of records thanks to the inadequate security and back-up practices their IT employed. And, thanks to a recent security breach reported by a major hotel chain, my personal data and credit card details are probably floating around on the dark web, to be sold to the highest bidder.
With the abundance of information readily available, and a wide choice of content management systems, ignorance is no excuse. Securing websites, APIs and systems should be a key building block of any content management, e-commerce and web experience strategy.
Protecting Against Security Breaches
A good place to start is reviewing the OWASP Top 10 Application Security Risks and working with your IT or vendor to see if they have taken adequate measures to address, at the bare minimum, some of items that have made it to the list. Chances are that if your organization is running one of the free open source CMS platforms we have mentioned above, or have a home-grown web content management system, even the security assessment could pose a challenge, let alone plugging potential security holes.
Keeping your website secure is not a trivial task. It does involve a fair amount of planning and executing a complete strategy that goes way beyond simply securing a single or even a dozen websites, plus APIs and development, staging and production servers.
Instead of asking a design studio to build a website that will only be available 9-to-5, consider making an informed decision and enquire if the solution they are offering can protect your intellectual property, and your customers’ personal data 24/7.
Even if you do not know how SQL injection vulnerability can negatively imapct your business, buzzwords like “Broken Authentication” or “Sensitive Data Exposure” should ring a bell. It would surely help to have someone on your team who understands the jargon, or even better—your organization should utilize a CMS that can protect you against the most critical web security risks out of the box.
Sitefinity CMS was one of the first content management systems to introduce a web security module and enabled administrators to easily configure security response headers to help ensure that websites are configured for optimally protection.
Progress Sitefinity is designed to securely deal with the entire OWASP Top 10 list of security concerns out of the box. We also make staying on the latest version simple. As a result, our users are always secure and up to date—and Sitefinity stays off the lists you saw above.
With 10,000+ web properties built on Sitefinity by 2,700+ global organizations, you can trust that security and data privacy are an integral part of everything we do.
Are you concerned with improving the security, performance or productivity of your organization? Are you trying to move away from your current open source CMS, or have your business needs outgrown your current content management system’s capabilities? Whatever the pain points, Sitefinity offers a highly performant and secure CMS that may be able to address your immediate needs, while also providing enterprise-class support and development that can align with your organization’s long-term goals.
Veiw original content here
Related Progress News: