New research by enterprise CMS company Storyblok has highlighted the cyber security vulnerabilities facing even the world’s leading business websites. The research suggests 32% of respondents say their CMS has a new security issue at least once a week.
Storyblok surveyed 530 professionals who personally use a CMS in the US, UK, Germany, Sweden, and the Netherlands.
Key insights from the research:
- 69% of UK professionals worry about the security of their CMS – compared to a 64.3% global average.
- 80% said security is extremely important or very important to them when choosing a CMS.
- 32% said their CMS has new security issues at least once a week. For 7%, it is a daily occurrence.
- 46.4% had a CMS security issue affect their content.
- 21.7% conduct security updates 5-9 times per month.
This research comes as Storyblok today announced it received ISO 27001 certification from TÜV Rheinland, an independent third party. This certification verifies that all of Storyblok’s products, operations, support processes, and data storage protocols meet the highest international security standards.
Security problems continue to come at a high cost for enterprises. In a report called The Four Tenets Of SaaS Application Security And Protection, Forrester said: “Losing data in a SaaS application because of insufficient data protection is every CISO’s and compliance officer’s nightmare. Mitigation costs can exceed $3 million to $3.5 million per incident — and that’s a conservative estimate.”
Many CMS platforms are open-source and therefore vulnerable by nature. Platforms built on an open-source framework have benefits, such as a collaborative environment in which the source code is shared and modified together.
Poor reputation of traditional CMS
A major concern is that there is no central authority responsible for finding and patching CMS security vulnerabilities on time. This is because the software is free and no one takes accountability for dealing with security issues. As a result, the final product often has critical security vulnerabilities. Some of these security vulnerabilities are found by security researchers, others by hackers.
Before CMS became the dominant content platform, attackers had to find a target like a bank or eCommerce site. To compromise or steal the data, the attacker had to find vulnerabilities in the target.
With a CMS, an attacker who finds a vulnerability can automate the exploit and execute it as a mass-scale attack, which is far more efficient. Once a vulnerability has been identified, attackers can use a search engine to easily fingerprint websites based on the CMS they run. They can then exploit it across multiple CMS installations belonging to different companies.
“Traditional CMSs have a bad reputation for the security headaches they cause, and for good reason,” said Dominik Angerer, Co-Founder and CEO of Storyblok. “Getting the ISO 27001 certification was especially important to us. It ensures that any enterprise using Storyblok to share their content with the world is doing so on the most secure, enterprise-grade headless CMS available on the market.”
Enterprise Times: What this means for business
Security remains one of the biggest challenges facing any modern enterprise. The most popular CMS platforms in use today are WordPress, Joomla, and Drupal. According to many analysts, these three platforms combine to support over 75% of all CMS-powered websites currently on the internet.
According to a study by Sucuri, WordPress is the most vulnerable CMS, followed by Joomla and Drupal. The complexity of the code introduces vulnerabilities into these platforms, which makes them attractive targets for hacking. Most of them are known vulnerabilities that can be easily detected using automated tools.
Storyblok’s research finding that 32% of the world’s largest businesses encounter a CMS security breach every single week is not surprising. Enterprises will have to investigate whether going headless will be a solution to reducing these vulnerabilities.