In February, security researchers reported that Forbes.com had been hacked. As a result, any visitor to the site was infected – without clicking on any links. This incident was just the latest reminder that seemingly safe activities on the Web – like browsing the home page of a well-known and trusted site like Forbes.com – are risky. With over one billion websites on the Internet, and more than 100,000 new sites coming online daily, we found ourselves wondering: Can we quantify the level of risk on the Web?
With this question in mind, we scanned Alexa’s top one million sites to see which URLs and domains were vulnerable and/or compromised. Surprisingly, over one in three of the top domains are risky, and the biggest contributors to vulnerable sites are those in categories that we routinely trust. Here are some of the key findings from the report:
- More than one in three of the top domains are risky
- Over one in five domains run vulnerable software
- 6 percent of sites serve malware, spam or botnets
- The biggest contributors to vulnerable sites by category are Computers and Technology, Business and Shopping
In light of these facts, what should organizations do to protect their employees? Restricting access to pornography, gaming and similarly categorized sites is a reasonable practice for reducing wasted time and boosting productivity; however, allowing access to seemingly “safe” site types can actually expose an organization to even greater risks. The sobering reality: The next major attack is likely already in process – it’s just a matter of time until we discover what’s been lost. The real answer to the challenge of preventing Web-based attacks will come from new tools that can completely stop attacks before they reach their targets.
To find out more about the state of the Web, download the full research.