Security blind spots: It turns out they’re everywhere on the web.

sbsIt seems like there’s a story every other day about security breaches affecting e-commerce sites and other websites where consumers congregate.

And now we have quantification of the challenge. Ghostery, a provider of apps that enable consumers to identify and block company tracking on website pages, has examined instances of non-secure digital technologies active on the websites of 50 leading brands in key industry segments like news, financial services, airlines and retail.

More specifically, Ghostery was looking for security “blind spots,” which it defines as non-secure tags that are present without the permission of the host company.

What it found was that 48 of the 50 websites it studied had security blind spots.

And often  it’s not just one or two instances on a website. The analysis found that retail web pages host a high concentration of non-secure technologies:  438 of them on the Top Ten retail sites it analyzed (companies like Costco, Kohls, Overstock.com, Target and Walmart).

Financial services sites are also hit hard, with 382 blind spots identified, while airline websites had 223 instances. And they’re often present on the pages described as “secure” on these websites.

Scott Meyer, who is Ghostery’s chief executive officer, had this to say about the situation:

“Companies have very little understanding of what’s happening on their websites. The problem is not with any of the company’s marketing stacks, it’s with their own tech stacks.  What these companies have now is marketing clouds, not websites, and they’ve gotten complicated and hard to manage.”

Scott Meyer, Ghostery CEO
Scott Meyer, CEO of Ghostery (formerly The Better Advertising Project and Evidon).

There was one leading brand web site that came off looking squeaky clean compared to the others: Amazon.  “Amazon is incredibly sophisticated; others are not,” Meyer noted.

The implications of avoiding addressing these security blind spots could be seriously negative. Bot networks often use non-secure technologies to gain entry to websites.  Google is indexing company websites higher in search engine results based on their security ratings.

It makes it all the more important for companies to audit their websites and set up system alerts to identify the non-secure tags.

For the leading brands in particular, they just need to suck it up and do it for the benefit of their millions of customers.

Spam-a-lot? You Bet-a-lot.

It’s no secret that corporate inboxes are stuffed with e-mail messages that are – let’s be kind here – unneeded or unwanted. And the latest report from anti-virus software maker Symantec Corporation confirms this in spades.

The report, covering April activity, claims that unsolicited e-mail makes up nearly 91% of messages on corporate networks. And it turns out this is nothing unusual, as earlier surveys have shown that spam makes up anywhere from 80% to 95% of all e-mail volume on the Internet.

So when you look at your own inbox, you might be pleased if your spam volume isn’t that high. And probably it isn’t, because corporate spam filters are blocking a big volume of e-messages before they ever hit your own inbox.

So where is all of this spam coming from? Symantec reports that nearly 60% of it comes from botnets, which are networks of hacked computers that can do all sorts of mischief – not only e-mailing spam, but also swiping financial information or launching cyber attacks. The “worst of the worst” are donbot spammers, which are computers that are available for rent on the black market. According to Symantec, those represent more than 18% of all spam e-mail volume.

But of course, nothing stays the same for long in the cyber environment. A new, even more alarming trend is being noted with an increase of non bot-driven spam. In those cases, spammers are renting legitimate network services (usually located offshore) and blasting huge amounts of spam at large individual Internet service providers. The objective is to push as many messages as possible onto the network before the ISP’s filtering software is able to detect it.

How much of this is going on? Hundreds of thousands of messages each day, and getting greater all the time.

And if that wasn’t enough, just like flies at a Fourth of July picnic, spammers have now discovered social networks, taking over an alarming number of Facebook and Twitter accounts and phishing for user passwords. These swiped passwords are then used to spam the friends of victims with obnoxious unwanted promotional mail about various products let’s just refer to euphemistically as “personal” or “intimate.” Experts say these types of attacks are particularly effective because they can’t be filtered at a corporate firewall level, and because any such message looks like it’s been sent by a friend of the recipient.

So if you’re on any of these social networking platforms, despite their apparent safety, the watchword should still be: “Caution.”