Why Your Open Source CMS May Expose You to Critical Security Risks

Why Your Open Source CMS May Expose You to Critical Security Risks

Posted on June 04, 2019 0 Comments
Why Your Open Source CMS May Expose You to Critical Security Risks_870x450

If you're using an open source CMS, you may be more vulnerable to security risks than you thought. Learn about top security concerns and how you can address them.

Website security has always been a major concern for organizations of all sizes, but too often we make compromises. I remember when, nearly two decades ago, a small-business owner asked us to build a website that would only be online between 9am-5pm because he “couldn’t afford to hire someone to check if it’s up and running 24/7.”

Today, the compromises are different, but organizations who neglect security still face unnecessary costs. Many organizations hire developers to build their websites using open source software, but “save money” by not hiring security experts as part of the project. As a result, many businesses fail at implementing best practices and keeping their websites up to-date or configured for optimal protection.

Is Your Content Management System Secure?

According to a recent report on website security by ZDNet, most website hacks could be related to vulnerabilities in plugins and themes, misconfiguration issues and a lack of maintenance by webmasters, who forgot to update their content management system (CMS). All the top hacked CMSs highlighted by ZDNet were open source options, led by WordPress.

Top Hacked CMSs

Image: Sucuri

And, unfortunately, it does not end there. Many webmasters rely on e-commerce integrations or platforms that fall short of ensuring adequate protection of business & customer data, due to outdated platform distributions. In the chart below, you can see that the hacked CMSs that were found to be out of date most often were e-commerce platforms.

Hacks Due to Outdated Distributions

Image: Sucuri

Symantec also recently shared some disturbing facts about a number of attacks and security breaches that are surging in 2019. Formjacking attacks have shot up, with an average of 4,800 websites compromised each month. According to Symantec, due to a growing embrace of the cloud, more than 70 million records were stolen from poorly configured S3 buckets. Ransomware, once focused on consumers, has seen a 12% increase in infections targeting enterprises. And while supply chains remain attractive for hackers (attacks jumped up 78 percent), the fact that IoT is growing so quickly despite most devices being vulnerable makes them a new key point of entry for targeted attacks.

“By failing to prepare, you are preparing to fail.”
-Benjamin Franklin

With the number of cyberattacks and security breaches skyrocketing, web application security is more vital than ever for today’s businesses. Many webmasters and website administrators however, seem happy to adopt the ostrich strategy.

Ostrich Strategy

Ostriches may not actually bury their heads in the sand, but it remains a helpful analogy when describing those who hide from the reality of the security landscape today. I can think of at least one government agency that might have recently lost millions and millions of records thanks to the inadequate security and back-up practices their IT employed. And, thanks to a recent security breach reported by a major hotel chain, my personal data and credit card details are probably floating around on the dark web, to be sold to the highest bidder.

With the abundance of information readily available, and a wide choice of content management systems, ignorance is no excuse. Securing websites, APIs and systems should be a key building block of any content management, e-commerce and web experience strategy.

Protecting Against Security Breaches

A good place to start is reviewing the OWASP Top 10 Application Security Risks and working with your IT or vendor to see if they have taken adequate measures to address, at the bare minimum, some of items that have made it to the list. Chances are that if your organization is running one of the free open source CMS platforms we have mentioned above, or have a home-grown web content management system, even the security assessment could pose a challenge, let alone plugging potential security holes.

Keeping your website secure is not a trivial task. It does involve a fair amount of planning and executing a complete strategy that goes way beyond simply securing a single or even a dozen websites, plus APIs and development, staging and production servers.

Instead of asking a design studio to build a website that will only be available 9-to-5, consider making an informed decision and enquire if the solution they are offering can protect your intellectual property, and your customers’ personal data 24/7.

Sitefinity Security Infographic

Click to view the full infographic

Even if you do not know how SQL injection vulnerability can negatively imapct your business, buzzwords like “Broken Authentication” or “Sensitive Data Exposure” should ring a bell. It would surely help to have someone on your team who understands the jargon, or even better—your organization should utilize a CMS that can protect you against the most critical web security risks out of the box.

Sitefinity CMS was one of the first content management systems to introduce a web security module and enabled administrators to easily configure security response headers to help ensure that websites are configured for optimally protection.

Sitefinity Security Settings

Progress Sitefinity is designed to securely deal with the entire OWASP Top 10 list of security concerns out of the box. We also make staying on the latest version simple. As a result, our users are always secure and up to date—and Sitefinity stays off the lists you saw above.

With 10,000+ web properties built on Sitefinity by 2,700+ global organizations, you can trust that security and data privacy are an integral part of everything we do.

Are you concerned with improving the security, performance or productivity of your organization? Are you trying to move away from your current open source CMS, or have your business needs outgrown your current content management system’s capabilities? Whatever the pain points, Sitefinity offers a highly performant and secure CMS that may be able to address your immediate needs, while also providing enterprise-class support and development that can align with your organization’s long-term goals.

Click here to Try Sitefinity CMS, or talk to an expert to see it in action by setting up a personal demo today.

Try Sitefinity

Alexander Shumarski

Alexander Shumarski

Alexander Shumarski is a Sitefinity Product Marketing Manager at Progress. He has spent the past 10+ years managing large-scale website initiatives and has deep-dived into online media and e-commerce industries. An adventurer at heart and a power CMS user, he has embarked on a journey to empower marketers to tell compelling stories without reliance on IT.

Comments

Comments are disabled in preview mode.
Topics

Sitefinity Training and Certification Now Available.

Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.

Learn More
Latest Stories
in Your Inbox

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

Loading animation