
In the world of Cybersecurity today, there is a newer form of threat vector that is slowly emerging (actually, it really depends upon how you look at it: to some experts, it may be an older form, but just a new variant that has come out).

So, what am I talking about exactly?  This is when you visit a malicious website that looks just like the real thing, or, you visit a real website, but through a backdoor in the source code, the Cyberattacker was able to install some malicious code.

I am talking about this from firsthand experience.  About two months ago, I was visiting some websites of various Cybersecurity vendors.  On one of them, on the contact page, I had actually picked up a virus (which I think is a .DOC malware) and it totally infected my computer.  There was not much else I could do, so I had to go out and buy a new laptop (which I have been wanting to do for some time anyways).

The question now remains:  What is a safe website to visit?  Given how sophisticated the Cyberattacker has become, it is almost impossible to tell at times.  But here is some help:  The Internet Society “Online Trust Alliance” just released the results of their 10th annual “Online Trust and Honor Roll” report.  In this study, they audited over 1,200 websites in an effort to determine if they are safe or not for a person to visit.

So, here are the safest websites they found, from best to worst in terms of Security:

*Government and other agency related websites:

This group made the top of the list, reaching an overall rating of 91%.  They were found to have adopted very strong standards for DMARC adoption, Security Policy enforcement, and the use of the latest Internet Protocol, IPv6.

*Consumer Services Websites

They had an overall score of 85%.  What made this crowd stand out was their use of Email authentication services, and vulnerability reporting.  But unfortunately, this group was also the highest hit in terms of Cyberattacks.

*News Services Websites

I am assuming that this included the likes of all of the major news ones, like CNBC, CNN, Fox, etc.  They had an overall acceptability score of 78%.  What brought them up to the top of the list this year was their multiple deployment encryption sessions.  However, I am still leery of news websites that have a ton of video and ads on them.

*The FDIC 100 Banks:

This group had a safety ranking of 73%.  In 2017, they were at the bottom of the poll, at a ranking of 27%.  So, what made the difference this time?  Making use of Email encryption, SSL Certificates, and fewer incidents of Cross Site Scripting (XSS).  My bank has started to make use of Captchas, which I find to be very annoying.

*The Internet Retailers:

These websites had an overall safety rating of 65%.  They have made great strides with regards to Email authentication, but because of their heavy usage of credit cards (and at the Point of Sale terminals at the brick and mortar locations) they were ranked the worst for the protection of PII, with a ranking of well over 50%.

*The Internet Service Providers:

This is the only real technological group that was examined in this survey, and their websites had an overall security rating of just 63%, although this is an improvement from 2017, in which they had a ranking of 46%.

*Healthcare Organizations:

These include the websites of all of the major health care institutions, primarily those that deal with medical insurance, such as Blue Cross Blue Shield, United Healthcare, Aetna, etc.  This group was ranked at the bottom of the list, with an overall security rating of just 57%.  But, when it comes to privacy of the PII, they were the second highest ranked.

My Thoughts on This:

Overall, the study found a huge improvement in the use of various Security technologies, such as:

*Encryption:

Overall, the survey found that 93% of the websites audited made use of some sort of Encryption.

*DMARC Records, SPF, & DKIM:

These are simply techno jargon related terms that refer to Email Authentication.  Over 50% of the audited websites have been making use of these mechanisms.
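As an added example (not taken from the OTA report or the original post), the sketch below shows what an audit of SPF and DMARC adoption can check once a domain's TXT records are in hand. The domains and records are constructed samples, and the grade labels are this example's own, not the report's scoring.

```python
# Added example: grade published SPF and DMARC TXT records.
# SAMPLES holds constructed records, not data from the OTA report.

def grade_spf(record):
    """Classify an SPF record by the qualifier on its 'all' mechanism."""
    if not record:
        return "missing"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "invalid"
    mechs = [t.lower() for t in terms[1:]]
    for t in mechs:
        if t.lstrip("+-~?") == "all":
            qualifier = t[0] if t[0] in "+-~?" else "+"  # bare 'all' means '+all'
            return {"-": "hardfail", "~": "softfail",
                    "?": "neutral", "+": "allow-any"}[qualifier]
    if any(t.startswith("redirect=") for t in mechs):
        return "redirect"      # result depends on the redirected domain's record
    return "neutral"           # no 'all' and no redirect: default is neutral

def grade_dmarc(record):
    """Return missing, invalid, monitor-only, partial or enforced."""
    if not record:
        return "missing"
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor-only"  # reports are collected, failing mail still delivered
    # pct below 100 applies the policy to only a share of failing mail
    return "enforced" if tags.get("pct", "100") == "100" else "partial"

SAMPLES = {  # constructed (SPF, DMARC) pairs for placeholder domains
    "strong.example": ("v=spf1 include:_spf.example.net -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example"),
    "monitor.example": ("v=spf1 mx ~all", "v=DMARC1; p=none"),
    "open.example": ("v=spf1 +all", None),
}

def audit(samples):
    """Map each domain to its (SPF grade, DMARC grade)."""
    return {d: (grade_spf(s), grade_dmarc(m)) for d, (s, m) in samples.items()}
```

A domain can publish both records and still sit at `softfail` with `monitor-only`, which is adoption without enforcement.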

*Vulnerability Reporting:

This was a surprise here, as 11% of the audited websites have now implemented this.

My thoughts on this:

In my view, I am quite surprised to see that the ISPs and the Healthcare Organizations are ranked so low.  One would think that with the stringent requirements of HIPAA, the Healthcare sector would be at the top.  ISPs now have an even greater responsibility to protect their IT Infrastructures, as Corporate America is making use of Cloud related platforms.  So, I still do not understand why they are ranked at the bottom.

One would think that with all of the Cyberattacks occurring, this group would have adopted the highest levels of Security.  Keep in mind though, any website is vulnerable to the injection of malicious code, so that when you visit them, you could easily become a victim, like what happened to me.  This is not to say don’t access websites; we have to on a daily basis in order to conduct our daily professional and personal tasks.

The best line of defense is to use your gut.  If something just doesn’t feel right, exit the website immediately.  Also, many websites are required to notify you if they are using cookies when you are surfing their particular site.  Always deny this option, and if they don’t offer it, simply exit the website.  Remember, the use of cookies is a very easy backdoor for the Cyberattacker to get into your computer.

Also, many of the browsers (especially Chrome) have become advanced enough now that they will warn you if you are about to visit a website that is deemed to be unsafe.  Of course, you have the option to continue on at your own risk; but it would be wise not to do so.

Finally, in order to access more details on this study, click on this link:

https://otalliance.org/HonorRoll