
How secure are UK websites? - MeasureCamp Manchester I, May 12 2018 - CyberScanner

What we learned from scanning 135,000 UK websites for known, hackable exploits in the run up to GDPR.

Published in: Marketing

  1. What is the state of cyber security in the UK? (Alt. title: What we learned from scanning 135,000 UK business websites.)
  2. Who
     • Dan Taylor (@taylordanrw)
     • Hat 1: Senior Tech SEO Consultant/Account Manager @ SALT.agency (https://salt.agency)
     • Hat 2: Digital Marketing Manager @ CyberScanner (https://cyber-scanner.com)
  3. What we did
     • Using BuiltWith, extracted 250,000 UK business websites
     • Scanned them using our “fingerprint” vulnerability scanner (non-intrusive, passive)
     • Scanned the sites against a database of more than 100,000 known vulnerabilities based on identifying used technologies.
  5. City: % with at least one vulnerability
     • London: 86.28%
     • Manchester: 85.90%
     • Birmingham: 85.78%
     • Bristol: 85.82%
     • Glasgow: 84.67%
     • Edinburgh: 86.95%
     • Leeds: 86.94%
     • Nottingham: 87.85%
     • Sheffield: 84.94%
     • Liverpool: 84.53%
     • Belfast: 84.21%
  7. Sector: % with at least one vulnerability
     • Travel: 81.47%
     • Sports: 80.45%
     • Art & Entertainment: 82.13%
     • Law, Govt & Politics: 84.39%
     • Automotive & Vehicles: 81.50%
     • Health & Fitness: 83.20%
     • Style & Fashion: 81.12%
     • Food & Drink: 82.84%
     • Pets: 80.77%
  8. Things that we found…
     • Issues with SSL implementations
     • Vulnerability to XSS
     • Vulnerability to CSRF
  9. Why does this matter?
     • GDPR is seeing more businesses invest in cyber security to protect against data breaches… Making others even more vulnerable.
     • Protection for the user
     • Google to go beyond HTTPS and introduce passive scanning? (made this prediction in SEJ, in 2017)
  10. What can I do
     • Beg development teams to update platforms/plugins/third party integrations when they need upgrading.
     • Make use of pen testing.
     • Actively monitor and assess cyber security risks
     • Educate staff and employees on how to avoid social engineering
  11. More info.
     • https://cyber-scanner.com
     • https://cyber-monitor.com/cyber-monitor
     • https://www.twitter.com/cyber_scanner
     • dan@cyber-scanner.com
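
The passive "fingerprint" approach from slide 3, sketched as an added example for auditing what your own site discloses; it is not CyberScanner's code. The product names, versions and advisory ids below are constructed placeholders, and the sample response is embedded so the block runs offline.

```python
import re

# Constructed sample response (not captured from any real site).
SAMPLE_HEADERS = {"Server": "examplehttpd/2.4.9", "X-Powered-By": "ExampleLang/5.6.30"}
SAMPLE_HTML = '<head><meta name="generator" content="ExampleCMS 4.9.1"></head>'

# Constructed advisory table: product -> [(placeholder id, first fixed version)].
ADVISORIES = {
    "examplecms": [("EXAMPLE-0001", "4.9.5"), ("EXAMPLE-0002", "4.8.0")],
    "examplehttpd": [("EXAMPLE-0003", "2.4.10")],
}

# "name/1.2.3" or "name 1.2.3" tokens as they appear in version banners.
TOKEN = re.compile(r"([A-Za-z][\w.-]*?)[/ ](\d+(?:\.\d+)*)")
GENERATOR = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)

def version_key(version):
    """Compare versions numerically: 2.4.9 sorts before 2.4.10."""
    return tuple(int(part) for part in version.split("."))

def fingerprint(headers, html):
    """Return {product: version} using only banners the server volunteers."""
    banners = [headers.get(name, "") for name in ("Server", "X-Powered-By")]
    generator = GENERATOR.search(html)
    if generator:
        banners.append(generator.group(1))
    found = {}
    for banner in banners:
        for name, version in TOKEN.findall(banner):
            found[name.lower()] = version
    return found

def match_advisories(found):
    """List (product, version, advisory id) where version is below the fix."""
    hits = []
    for product, version in sorted(found.items()):
        for advisory_id, fixed_in in ADVISORIES.get(product, []):
            if version_key(version) < version_key(fixed_in):
                hits.append((product, version, advisory_id))
    return hits

if __name__ == "__main__":
    for hit in match_advisories(fingerprint(SAMPLE_HEADERS, SAMPLE_HTML)):
        print(*hit)
```

A match here only means the advertised version predates a fix: backported patches produce false positives, and a site that hides its banners produces no findings at all without being any safer.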