Website Hacking Statistics in 2024: Facts and Insights

0/5 No votes

Report this app

Description

Every developer, agency or website owner should be aware of the alarming state of website hacking statistics and cyber security statistics. Nearly every software created is at risk to being “hacked” in some manner, and statistical analysis can provide guidance on where to direct your attention.

Cybersecurity is now an every-day issue for companies. Websites get hacked every day and some of those hacks are fatal to businesses attacked.

IBM’s chairman, president and CEO

To help you grasp the latest website hacking stats, we’ve gathered the important ones you need to know.

Let’s dig in.

Website Hacking Statistics

Research suggests that there’s an attack approximately every 39 seconds on the web, and the probability of attackers succeeding increases when non-secure usernames and passwords are used.

However, it’s essential to note that an attack doesn’t always lead to a successful hack. For Example, at mustafabugti.com, we witness thousands of attacks targeted at the websites we protect each day. These attacks are logged and monitored by our firewall system and the web application firewall on the website is to make sure the attacks won’t be successful.

(Source: Breach Level Index)

These facts show us the average number of records stolen per second. In general, breaches are infrequent occurrences, but when they do happen, as we’ve observed, large volumes of records are often stolen simultaneously.

Additionally, 73% of black hat hackers consider traditional firewall and antivirus security to be irrelevant or obsolete. However, this is primarily true in the context of targeted attacks, where a hacker specifically selects your site and attempts to find an entry point.

The attacks that are usually targeted at websites or web applications are being implemented by using bots. This means usually that an automated tool has been told to search for a specific vulnerability or software that has a vulnerability. Hacking website with automatic tools is one of the most popular ways.

This is most often happening with WordPress sites where hackers try to exploit vulnerabilities in popular plugins. This is where you need a firewall with virtual patches to be protected.

(Source: McAfee)

Actually, only in 2017 alone, there were more than 317 million new pieces of malware – computer viruses or other malicious software created (Source: CNN). Unfortunately, we do not know the statistics of how many were created daily in 2019 yet.

(Source: Forbes)

These 30 000 sites are usually legitimate small businesses sites, that are unwittingly distributing malware. You can read about why would anyone hack a small business website here.

Website Hacking Statistics for WordPress

WordPress reveals that it is a prime target for hackers, possibly due to its extensive user base. The main threat isn’t WordPress itself but the amount of third-party plugins utilized by WordPress users.

A lot of developers or WordPress site owners have had the experience of getting their site built with WordPress hacked.

Whether WordPress makes its core more secure or not, the effectiveness of these security tactics does not apply to its plugins. It’s because WordPress allows users to extend the basic functionalities of the platform using all these different kinds of components.

The vulnerabilities most commonly found in WordPress plugins can range from the disclosure of sensitive information to SQL injection, and remote code execution.

Since WordPress is used by over 35% of all websites it is unsurprisingly also registered as the one with the highest number of vulnerabilities (542) in 2018, which is a 30% increase from 2017 (Figure 5).

Source

According to the WordPress official site, the current number of plugins is 57,365 and the number of plugins has actually decreased since the end of 2018.

Despite the slow growth or decrease of new plugins, the number of WordPress vulnerabilities is still increasing. The explanation for this could either be the code quality of the plugins, or the fact that WordPress is such a popular CMS, which motivates more attackers to develop attack tools and try their luck in searching for security holes in the code.

A very worrisome fact about website hacking statistics and hacking websites is that 98% of WordPress vulnerabilities are related to plugins. (See Figure 7 below.)

Source

According to CVE Details, XSS attacks are the most common threat to WordPress sites, followed by code execution, and then various bypass vulnerabilities.

What is even the most worrisome is that in these top 10 WordPress plugins listed you can see 5 commercial plugins, they have around 21 million downloads and one of these plugins is a security plugin. (Source: WP WhiteSecurity)

Website Hacking Statistics

Source: WP WhiteSecurity

To top it off, even more, the sad part is that anyone can create a plugin and publish it — WordPress is open source and nobody is performing a code analysis before the new plugin is sent out for the world. Also, there are no serious security standards for these plugins hence, WordPress plugins are unfortunately prone to vulnerabilities.

Website Hacking Statistics: Web Application Vulnerabilities

According to statistics, web applications have become the #1 target for the exploitation of vulnerabilities and unfortunately, all kinds of software are prone to security breaches.

Researchers identified approximately 70 types of weaknesses in web applications. Cross-site scripting (XSS) vulnerabilities, as usual, were found to be prevalent in many web applications.

Acunetix’s report “Web Application Vulnerability”

Four out of five web applications were found to have configuration errors, including default settings, standard passwords, error reporting, full path disclosure, and other information leaks that could be exploited by potential intruders.

Acunetix’s report “Web Application Vulnerability”

Usually, the attacker’s goals are to make the victim involuntarily run a maliciously injected script, which is executed by a trusted web application. In this way, the cybercriminal can steal the user’s data, or even modify the applications to send sensitive data to any recipient.

Acunetix’s report “Web Application Vulnerability ”

There are different sources for cyber security statistics that we found information from and some of the information varies. ENISA Threat Landscape Report, SQL injections were identified as the most prevalent type of attack, accounting for 51% of the total.

Web Professionals Worry About Website Security

In the second quarter of 2020, we surveyed more than 300 web developers, freelancers, and digital agencies. The aim was to understand if they are worried about website security, which makes them worry, and what are the challenges they want to overcome.

In the survey, 243 respondents expressed growing concerns about website security.

Over 73% of digital agencies and freelancers are growing increasingly concerned about website security. Among WordPress users, this figure was slightly higher, at 75%.

Website security survey

The data also revealed that while agencies and web professionals are both increasingly worried and have challenges with website security – only a little less than half of them (45%) They should implement appropriate measures to safeguard the websites under their responsibility.

During the first half of the year, we noticed an increased amount of attacks targeted to websites. Since COVID-19 demanded a change in our lifestyle, it also made us use the internet much more than before. That resulted also in a higher amount of cyber attacks and attacks targeted to websites, which meant for us – more work.

source

Over half of the respondents of our survey stated that while they are concerned about their sites’ security, they also see the concern being justified due to an increased number of attacks targeted to their sites during the crisis.

Nearly 43% of the respondents reported experiencing a rise in attacks aimed at the websites for which they are accountable. We also discovered that 25% of the responders have seen a hacked website in the past month prior to participating in the survey.

A study indicates that Americans express more concern about cybercrime than about violent crimes such as terrorism, murder, and sexual assault. Not only are Americans more worried about cybercrime than other crimes, but their worries about cyber crimes have been consistent for about a decade now. (Source: news.gallup.com)

As you also can see from the picture above, the study states that out of 13 crimes measured, Americans continue to worry most about cybercrimes. 71% worry about the hacking of personal data while 67% about identity theft.

To put in perspective only 24% of people participating in the study were worried about being a victim of terrorism, 22% were worried about being attacked while driving, 20% about being sexually assaulted, and 17% about being murdered.

A study involving over 4,000 organizations across the US, UK, Germany, Spain, and the Netherlands revealed that the majority of these organizations are ill-prepared and would suffer significant consequences from a cyber attack. The study indicates that a staggering 73 percent of companies are not adequately prepared for such an event.(Source: hiscox.co.uk)

Conclusion

These statistics are highlighting how important it is to always be on top of what happens with your company, the people and the software you are using.

To be alert and secured you should always keep the software you use updated and monitored. Make sure you are always aware of the components you are using on your web applications and always remove the ones that you are not using.

Choose a trustworthy hosting provider. You can find information on selecting a hosting provider here.

It is also very important to choose the right security provider for your WordPress site or any web application. When it comes to WordPress security plugins, first I recommend you to get a better understanding of the WordPress security plugins ecosystem and how they all work. Consider opting for a solution that provides virtual patching capabilities. Additionally, before implementing a firewall on your web application, it’s crucial to inspect the code thoroughly.

If you haven’t got technical skills to evaluate the chosen firewall code, let a professional help you out. Always remember that when it comes to security – make your research before buying a fancy bucket of hope. Be critical and be smart.

All Resources and links used in this Article

News.gallup.com

Hiscox.co.uk

Forbes.com

Money.cnn.com

securitymagazine.com

ptsecurity.com

mcafee.com

Comments closed.