by | 10 Oct 2015

Local Communities: damn vulnerable websites

In late March, a French newspaper (La Gazette) made a disastrous record on the security level of French municipalities web sites. On 14.000 sites, over 50% are not only vulnerable but clearly expose vulnerabilities (Read the article: Thousands of poorly secured websites, La Gazette). By analyzing the source code or just by reading the header information, it was easy to identify which kind of software and plugins are used. Discover in this article some important website security practices and a cybersecurity solution to efficiently protect your website from hackers!

Damn vulnerable websites

The majority of French municipalities with more than 5.000 inhabitants have a website. This trend is growing in order to provide more and more public services. The plan “Digital France 2012-2020” presented by Eric Besson, Minister of Industry, Energy and Digital Economy at the time, aims to develop “digital confidence” through 154 proposals. However, a post of La Gazette on 20,000 websites hacked in January – including many public institutions – underlines the lack of cybersecurity for local institutions.

Important website security practices

The following prevention measures will greatly reduce the number of potential vulnerabilities:

  • Hide application data and servers: information on versions used are very useful to hackers who just have to check it with a database of known vulnerabilities.
  • Regularly update your server and its applications: one of the most effective safeguards to protect you against known vulnerabilities is to keep updated your web server to make the task of the attacker more difficult.
  • Apply security fundamentals: national agencies regularly publish recommendations to protect websites against cyber-attacks.

What cybersecurity solution for your Website?

Security recommendations and regular server updates will significantly reduce the website attack surface. However, these recommendations do not ensure an optimum security level. Institutions should be equipped with advanced technical tools designed for Cybersecurity:

  • Vulnerability Scanner: to detect potential vulnerabilities before they are exploited.
  • Web Application Firewall: for optimal protection against sophisticated cyber-attacks such as SQL injections, DDoS attacks and XSS attacks.
  • Virtual Patching: full remediation of a vulnerability thanks to the output of scan.
  • Dashboard: allows complete real-time visibility on the security level, indicating details of blocked attacks.

These security measures are usually dedicated to large companies that have adequate security team, and significant financial resources. For those who have neither the technical expertise nor the financial means to get decent web security level, there is still a solution.

OZON democratizes cybersecurity protection to make it available to local institutions, whatever their size, and offers a turn-key solution that combines vulnerability assessment, malware detection, protection against cyber-attacks and virtual patching of vulnerabilities. Not to mention a complete dashboard with key indicators on your security level. OZON is free to try!