Current status of Cyber Security for companies using WordPress websites

[Survey of 105 managers and employees who experienced security incidents with Word Press] 45.7% of respondents said they did not take any countermeasures at the time of the security breach.

~ 77.1% of companies regret that they should have implemented security measures in advance~

Developing security services based on the philosophy of “providing high-quality and inexpensive security measures for small and medium-sized businesses”, LoadMap company (headquarters Nerima-ku, Tokyo, Representative Director : Mami Ishikawa) conducted an investigation into the actual situation related to security incidents with the subjects being 105 managers and employees who encountered security incidents with Word Press.

  • Summary of investigation results

  • Survey outline

Survey outline :        survey the actual situation related to security incidents

Survey method :  internet survey

Survey time :         21/01/2002~ 23/01/2022

Valid answer:        105 managers and employees experienced security issues with Word Press

  •   Regarding security issues with WordPress, 38.1% answered  “Cannot access website or administration screen” and 28.6% answered “ Home page has been tampered with ”.

Question 1 . What types of damages and security incidents have you experienced while using Word Press? 38.1% answered that  “Cannot access website or management screen”, 28.6% answered “Home page has been tampered with”, 22.9% answered “Spam comments were posted”.

  • Unable to access the management screen: 38,1 %
  • The home page is fake:28,6%
  • Posted spam comments : 22,9%
  • Computer infected with malware:17,1%
  • Strange content appears:14,3
  • Content deleted:12,4%
  • Leaking important information:11,4%
  • A warning appears that the domain has been hacked:11,4%
  • Other:1,0%
  • No answer:3,8%
  • When security incidents occur on Word Press,  45.7% of businesses do not take “security measures”.

Question  2. Did you have any security measures in place at the company, at the time of the security incident on Word Press? . 8.6% answered “Almost not done”, 37.1% answered “Not done much”.

  • Almost didn’t make it :   8,6%
  • Haven’t done much :         37,1%
  • Done to a small extent :        31,4%
  • Implemented at a decent level :    22,9%
  • Don’t understand/can’t answer : 0,0%
  • As for not implementing security measures, 62.5% answered that there was no security-related knowledge. (most of the reasons)

Question 3. Proceed to ask those who answered “Almost not implemented”, “Not implemented much” in question number 2. Please indicate the reason for not implementing security measures on the word press when met. Must be an accident. Of the 48 people surveyed : 62.5%  answered that “No knowledge related to security”, 37.5% answered “Think it is not a problem, because it is a CMS of a large company”, 29 ,2% responded that “There is no one to discuss security issues with”.

  • No knowledge related to security: 62,5%
  • Thought it wouldn’t be a problem, because it’s a CMS from a large company : 37,5%
  • There is no one to discuss security with: 29,2 %
  • It is not possible to spend large sums of money on security : 20,8%
  • Businesses believed there was no problem: 16,7%
  • Because of the level of complexity : 4,2%
  • Other : 0,0%
  • Don’t understand/Can’t answer 0,0%
  • When security incidents occur on Word Press, about 80% regret that they should have taken security measures in advance.

Question 4. Proceed to ask those who answered “Almost not done”, “Not done much” in question number 2. When damage and security incidents occurred, did you think you should have done it? Take security measures in advance. Of the 48 people surveyed: 31.3% answered “I thought so”, 45.8% answered “I thought a little”.

  • Thought so :  31,3%
  • Thought for a bit: 45,8 %
  • Didn’t think much : 18,8 %
  • Absolutely did not think: 4,1 %
  • Don’t understand/can’t answer : 0,0%
  •  Regarding monitoring and maintenance activities of businesses that have implemented security measures in advance, 59.6% responded that “Rechecked server configuration/moved to a new server”, accounting for a high percentage. best.

Question 5. Ask those who answered “Implemented at a low level”, “Implemented at a fair level” in question number 2. Please indicate what monitoring and maintenance measures have been applied. reality after the incident?. Of the 57 people surveyed, 59.6% answered “Rechecked server configuration/moved to a new server”, 45.6% answered “Applied security plugins such as SiteGuard”, 43.9% answered “Monitoring tools and services have been applied”.

  • Rechecked server configuration/switched to new server : 59,6%
  • Applied security plugins such as SiteGuard :  45,6%
  • Monitoring tools and services have been applied : 43,9 %
  • Amended and completed management regulations : 42,1%
  • User permissions have been checked again : 33,3%
  • No practical application of security measures: 3,5%
  • Don’t understand/can’t answer : 0,0%
  • Other :    3,5%
  • “Wanting to increase security but having difficulty choosing”, “not feeling effective”… are concerns of businesses regarding security measures on Word Press.

Question  6. At question number 3, in addition to those who answered “don’t understand/can’t answer”, ask questions to the remaining people. Please let us know in terms of practical application and implementation of security measures, are there any points that are still worrying or difficult? Of the 48 people who were asked the question, 34 responses were received with content such as: “Want to increase security but have difficulty choosing”, “Do not feel effective”.

<Quoting some answers>

  • 37 years old : Want to increase security but have difficulty choosing.
  • 44 years old: Didn’t feel effective.
  • 37 years old : Anti- virus.
  • 63 years old : No specific plans for security enhancement measures are known.
  • 52 years old : Hacking.
  • 65 years old : How to raise security awareness among employees.
  • 61 years old : Some people use banned USBs.
  • 48 years old : There are concerns about security issues, but do not know the appropriate countermeasures.
  • 35 years old : Because I keep hearing notifications about security breaches, I’m thinking about switching back to regular HTML.
  • To prevent future security risks, up to 90% of businesses said they want to check and evaluate the safety level of their websites.

 Question  8. To avoid security incidents in the future, do you think you want to test and evaluate the safety level of the website?. Of the 105 people surveyed, 34.3% answered “Think so”, 53.3% answered “Think a little”.

  • Think so : 34,3%
  • Think a little : 53,3%
  • Don’t think much : 11,4%
  • Absolutely don’t think: 0,0%
  • Don’t understand/can’t answer : 1.0%
  • “Want to objectively check the security vulnerability of the company’s system”, “Because I don’t know clearly, I want to try the highly rated method”… are the answers people give when asked. Please indicate the  reason for wanting to check the website’s safety level.

Question 9. Conduct a survey of those who answered “Think so”, “Think a little” in question number 8. Please indicate the reason for wanting to check and evaluate the website’s safety level. Of the 92 people who were asked, they received 64 answers with content such as “I want to objectively check the security vulnerability of the company’s system”, “Because I don’t understand clearly, I want to try the current method”. highly appreciated”.

<Quoting some answers>

  • 36 years old : Want to objectively check the security vulnerabilities of the company’s system.
  • 48 years old : Because I don’t understand clearly, I want to try the highly rated method.
  • 46 years old : Because I want to operate the system more safely.
  • 41 years old : Care about the durability of the system, want to use it for a long time.
  • 65 years old : Because there are many users, I want to try once to evaluate the safety level of the system.
  • 44 years old : Want to identify potential problems.
  • 46 years old : Want the security aspect to be perfect.
  • 50 years old : Because I’m very worried about information leaks.

Summary

This time, we conducted a survey to understand the real situation of “security issues” targeting 105 managers and employees who have faced damage or security incidents when Use Word Press.

First, regarding security incidents that occurred in the past, 38.1% answered that they could not access the website and management screen, 28.6% answered that the home page was tampered with. When a security  incident occurred on Word Press, 45.7% of businesses did not take measures to ensure security. Regarding the reason for not doing it, up to 62.5% answered that they do not have knowledge about security, accounting for the highest percentage. About 80% regretted that they should have taken security measures in advance.

On the other hand, when asking questions related to monitoring and maintenance for businesses that have implemented security measures in advance, 59.6% answered “Rechecked server configuration/switched to server”. new” accounts for the highest percentage, followed by “Application of security plugins such as SiteGuard” accounts for 45.6%, “Implemented monitoring tools and services” accounts for 43.9%..

Regarding concerns about security measures on Word Press, we received answers such as: “Want to increase security but have difficulty choosing”, “Do not feel effective” ”…

Finally, to prevent future security risks, up to 90% of businesses said they want to check and evaluate the safety level of their websites. For reasons such as “I want to objectively test the security vulnerability of the company’s system”, “Because I don’t understand clearly, I want to test a highly rated method.”.

In this survey, it was found that a large number of businesses that encountered problems related to security policies when using Word Press had poor security awareness. Implementing daily countermeasures is important, but to prevent incidents from recurring, it is also essential to monitor and deal with damage after it occurs..

Now, when website operations have become inevitable for businesses, it can be said that a proper response before new incidents occur and when incidents occur is essential for management. important information in the business.

* Translate accordingly : https://prtimes.jp/main/html/rd/p/000000001.000094981.html

Bài viết liên quan