Every developer, agency or website owner should be aware of the alarming state of website hacking statistics and cyber security statistics. Nearly every software created is at risk to being “hacked” in some manner, and statistical analysis can provide guidance on where to direct your attention.
Cybersecurity is now an every-day issue for companies. Websites get hacked every day and some of those hacks are fatal to businesses attacked.
“Cybercrime is the greatest threat to every company in the world.”
IBM’s chairman, president and CEO
To help you grasp the latest website hacking stats, we’ve gathered the important ones you need to know.
Let’s dig in.
Website Hacking Statistics
Research suggests that there’s an attack approximately every 39 seconds on the web, and the probability of attackers succeeding increases when non-secure usernames and passwords are used.
However, it’s essential to note that an attack doesn’t always lead to a successful hack. For Example, at mustafabugti.com, we witness thousands of attacks targeted at the websites we protect each day. These attacks are logged and monitored by our firewall system and the web application firewall on the website is to make sure the attacks won’t be successful.
Hackers steal 75 records every second.
(Source: Breach Level Index)
These facts show us the average number of records stolen per second. In general, breaches are infrequent occurrences, but when they do happen, as we’ve observed, large volumes of records are often stolen simultaneously.
Additionally, 73% of black hat hackers consider traditional firewall and antivirus security to be irrelevant or obsolete. However, this is primarily true in the context of targeted attacks, where a hacker specifically selects your site and attempts to find an entry point.
The attacks that are usually targeted at websites or web applications are being implemented by using bots. This means usually that an automated tool has been told to search for a specific vulnerability or software that has a vulnerability. Hacking website with automatic tools is one of the most popular ways.
This is most often happening with WordPress sites where hackers try to exploit vulnerabilities in popular plugins. This is where you need a firewall with virtual patches to be protected.
Each day, hackers generate around 300,000 new pieces of malware.
(Source: McAfee)
Actually, only in 2017 alone, there were more than 317 million new pieces of malware – computer viruses or other malicious software created (Source: CNN). Unfortunately, we do not know the statistics of how many were created daily in 2019 yet.
On average Every day, approximately 30,000 new websites fall to hacking attacks on average.
(Source: Forbes)
These 30 000 sites are usually legitimate small businesses sites, that are unwittingly distributing malware. You can read about why would anyone hack a small business website here.
Website Hacking Statistics for WordPress
WordPress reveals that it is a prime target for hackers, possibly due to its extensive user base. The main threat isn’t WordPress itself but the amount of third-party plugins utilized by WordPress users.
A lot of developers or WordPress site owners have had the experience of getting their site built with WordPress hacked.
Whether WordPress makes its core more secure or not, the effectiveness of these security tactics does not apply to its plugins. It’s because WordPress allows users to extend the basic functionalities of the platform using all these different kinds of components.
The vulnerabilities most commonly found in WordPress plugins can range from the disclosure of sensitive information to SQL injection, and remote code execution.
Since WordPress is used by over 35% of all websites it is unsurprisingly also registered as the one with the highest number of vulnerabilities (542) in 2018, which is a 30% increase from 2017 (Figure 5).
Source
According to the WordPress official site, the current number of plugins is 57,365 and the number of plugins has actually decreased since the end of 2018.
Despite the slow growth or decrease of new plugins, the number of WordPress vulnerabilities is still increasing. The explanation for this could either be the code quality of the plugins, or the fact that WordPress is such a popular CMS, which motivates more attackers to develop attack tools and try their luck in searching for security holes in the code.
A very worrisome fact about website hacking statistics and hacking websites is that 98% of WordPress vulnerabilities are related to plugins. (See Figure 7 below.)
Source
The top vulnerability types in WordPress plugins are Cross-site Scripting (XSS) and SQL Injection.
According to CVE Details, XSS attacks are the most common threat to WordPress sites, followed by code execution, and then various bypass vulnerabilities.
What is even the most worrisome is that in these top 10 WordPress plugins listed you can see 5 commercial plugins, they have around 21 million downloads and one of these plugins is a security plugin. (Source: WP WhiteSecurity)
Website Hacking Statistics
Source: WP WhiteSecurity
To top it off, even more, the sad part is that anyone can create a plugin and publish it — WordPress is open source and nobody is performing a code analysis before the new plugin is sent out for the world. Also, there are no serious security standards for these plugins hence, WordPress plugins are unfortunately prone to vulnerabilities.
Website Hacking Statistics: Web Application Vulnerabilities
According to statistics, web applications have become the #1 target for the exploitation of vulnerabilities and unfortunately, all kinds of software are prone to security breaches.
Researchers identified approximately 70 types of weaknesses in web applications. Cross-site scripting (XSS) vulnerabilities, as usual, were found to be prevalent in many web applications.
46% of web applications have critical vulnerabilities.
Acunetix’s report “Web Application Vulnerability”
Four out of five web applications were found to have configuration errors, including default settings, standard passwords, error reporting, full path disclosure, and other information leaks that could be exploited by potential intruders.
30% of web applications are vulnerable to XSS.
Acunetix’s report “Web Application Vulnerability”
Usually, the attacker’s goals are to make the victim involuntarily run a maliciously injected script, which is executed by a trusted web application. In this way, the cybercriminal can steal the user’s data, or even modify the applications to send sensitive data to any recipient.
87% of websites have mid-level weaknesses.
Acunetix’s report “Web Application Vulnerability ”
There are different sources for cyber security statistics that we found information from and some of the information varies. ENISA Threat Landscape Report, SQL injections were identified as the most prevalent type of attack, accounting for 51% of the total.
Web Professionals Worry About Website Security
In the second quarter of 2020, we surveyed more than 300 web developers, freelancers, and digital agencies. The aim was to understand if they are worried about website security, which makes them worry, and what are the challenges they want to overcome.
In the survey, 243 respondents expressed growing concerns about website security.
Over 73% of digital agencies and freelancers are growing increasingly concerned about website security. Among WordPress users, this figure was slightly higher, at 75%.
Website security survey
The data also revealed that while agencies and web professionals are both increasingly worried and have challenges with website security – only a little less than half of them (45%) They should implement appropriate measures to safeguard the websites under their responsibility.
During the first half of the year, we noticed an increased amount of attacks targeted to websites. Since COVID-19 demanded a change in our lifestyle, it also made us use the internet much more than before. That resulted also in a higher amount of cyber attacks and attacks targeted to websites, which meant for us – more work.
source
Over half of the respondents of our survey stated that while they are concerned about their sites’ security, they also see the concern being justified due to an increased number of attacks targeted to their sites during the crisis.
Nearly 43% of the respondents reported experiencing a rise in attacks aimed at the websites for which they are accountable. We also discovered that 25% of the responders have seen a hacked website in the past month prior to participating in the survey.
A study indicates that Americans express more concern about cybercrime than about violent crimes such as terrorism, murder, and sexual assault. Not only are Americans more worried about cybercrime than other crimes, but their worries about cyber crimes have been consistent for about a decade now. (Source: news.gallup.com)
As you also can see from the picture above, the study states that out of 13 crimes measured, Americans continue to worry most about cybercrimes. 71% worry about the hacking of personal data while 67% about identity theft.
To put in perspective only 24% of people participating in the study were worried about being a victim of terrorism, 22% were worried about being attacked while driving, 20% about being sexually assaulted, and 17% about being murdered.
A study involving over 4,000 organizations across the US, UK, Germany, Spain, and the Netherlands revealed that the majority of these organizations are ill-prepared and would suffer significant consequences from a cyber attack. The study indicates that a staggering 73 percent of companies are not adequately prepared for such an event.(Source: hiscox.co.uk)
Conclusion
These statistics are highlighting how important it is to always be on top of what happens with your company, the people and the software you are using.
To be alert and secured you should always keep the software you use updated and monitored. Make sure you are always aware of the components you are using on your web applications and always remove the ones that you are not using.
Choose a trustworthy hosting provider. You can find information on selecting a hosting provider here.
It is also very important to choose the right security provider for your WordPress site or any web application. When it comes to WordPress security plugins, first I recommend you to get a better understanding of the WordPress security plugins ecosystem and how they all work. Consider opting for a solution that provides virtual patching capabilities. Additionally, before implementing a firewall on your web application, it’s crucial to inspect the code thoroughly.
If you haven’t got technical skills to evaluate the chosen firewall code, let a professional help you out. Always remember that when it comes to security – make your research before buying a fancy bucket of hope. Be critical and be smart.
All Resources and links used in this Article
بِسْمِ ٱللَّٰهِ ٱلرَّحْمَٰنِ ٱلرَّحِيمِ
I’m Mustafa Bugti I write about Business Softwares and created this blog in 2024. I Started using WordPress in 2024 and Embarked on a highly successful career as an entrepreneur in SaaS Community. I’m 23 year old entrepreneur. I live in Sui Dera Bugti, Balochistan, Pakistan
Comments closed.