Almost half of all Dutch company websites are vulnerable to attacks by cyber criminals due to vulnerabilities in software, configurations and web services. The result is often data theft or extortion through ransomware. “Entrepreneurs are insufficiently aware of the risks,” says cybersecurity specialist ID Control based on three studies of web shops, government websites and company websites respectively. “Vulnerabilities are often easy to fix,” says the cybersecurity specialist. “It is important to discover sensitivities in good time and to mitigate the risks. Too often websites and infrastructures are set up and considered to be safe.
Vulnerability management and security are often no longer a priority for the organization after delivery. Security often only comes into the picture again after cyber criminals hit their stride.
In the Netherlands, according to the Information Security Service (IBD) of the Association of Netherlands Municipalities (VNG), many government agencies are also vulnerable. The design of web and infrastructure is often outsourced. Clients then assume that security and risk management are properly arranged. “Sensitive data of citizens are, as it were, behind an open door.” Incidentally, inadequate security is not a typical Dutch problem. The German Bundesamt für Sicherheit in der Informationstechnik (BSI) also sees an increase in the number of vulnerabilities that are not addressed. The German research mainly focuses on webshops.
Many vulnerabilities are found there. These are often in the support systems. No fewer than 78 common vulnerabilities have been identified during inventories. Those vulnerabilities can range from a flawed password policy to outdated software. In more than half of the cases, however, it has been found that the owners give little or no priority to finding and fixing the vulnerabilities. Risks of breaches and data leaks therefore remain out of sight of the organizations. However, securing does not have to be very complicated, he also knows. It is mainly about always having an overview of the risks. “Regularly performing vulnerability scans, testing resilience and continuously strengthening the digital front door are important. With a vulnerability scan, organizations, but also their suppliers, can see where risks arise and therefore take adequate measures.”